Vulnerabilities

Compliance

Vulnerability Name	Compliance	Severity
AngularJS library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
Application error message	{"ISO 27001"=>"A.5.33, A.5.34, A.8.4, A.8.9, A.8.12, A.8.26", "owasp10"=>"A5", "pci"=>"6.5.5"}	medium
ASP.NET debugging enabled	{"ISO 27001"=>"A.5.33, A.5.34, A.8.4, A.8.9, A.8.12", "owasp10"=>"A5", "pci"=>"6.5.5"}	low
ASP.NET tracing enabled	{"ISO 27001"=>"A.5.33, A.5.34, A.8.4, A.8.9, A.8.12", "owasp10"=>"A5", "pci"=>"6.5.5"}	high
ASP.NET ViewState without MAC	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5"}	low
Axios library with known vulnerabilities library with known vulnerabilities library with known vulnerabilities	{"owasp10"=>"A5, A6", "pci"=>"6.2"}	low
Axios library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
Backbone library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
Bootstrap library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
Browser content sniffing allowed	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5"}	low
Browser XSS protection disabled	{"owasp10"=>"A5"}	low
Certificate with insufficient key size or usage, or insecure signature algorithm	{"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"}	low
Certificate without revocation information	{"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"}	low
Chart.js library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
CKEditor library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
Cookie with SameSite attribute set to None	{"ISO 27001"=>"A.5.14, A.8.9, A.8.24, A.8.26", "owasp10"=>"A2, A7", "pci"=>"4.1, 6.5.4, 6.5.10"}	low
Cookie without HttpOnly flag	{"ISO 27001"=>"A.8.26", "owasp10"=>"A7", "pci"=>"6.5.10"}	low
Cross Origin Resource Sharing: Arbitrary Origin Trusted	{"ISO 27001"=>"A.8.2, A.8.3, A.8.26", "owasp10"=>"A1", "pci"=>"6.5.8"}	low
Deprecated TLS protocol version 1.0 supported	{"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"}	low
Deprecated TLS protocol version 1.1 supported	{"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"}	low
Directory Listing	{"ISO 27001"=>"A.8.4, A.8.9", "owasp10"=>"A1, A5"}	low
Dojo library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
DOMPurify library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
Drupal version with known vulnerabilities	{}	high
DWR library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
easyXDM library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
Ember library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
Expired TLS certificate	{"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"}	medium
Flowplayer library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
Full path disclosure	{"ISO 27001"=>"A.8.4, A.8.9", "pci"=>"6.5.5"}	low
GraphQL Introspection enabled	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5"}	low
GraphQL Misconfiguration	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5"}	low
Handlebars library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
Heartbleed	{"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.9, A.8.12", "owasp10"=>"A6"}	high
Hidden file found	{"ISO 27001"=>"A.8.4, A.8.9, A.8.15, A.8.26", "owasp10"=>"A1, A5"}	low
HSTS header does not protect subdomains	{"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2, A5", "pci"=>"4.1, 6.5.4"}	low
HSTS header not enforced	{"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2, A5", "pci"=>"4.1, 6.5.4"}	low
HSTS header set in HTTP	{"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2, A5", "pci"=>"4.1, 6.5.4"}	low
HSTS header with low duration and no subdomain protection	{"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2, A5", "pci"=>"4.1, 6.5.4"}	low
HSTS header with low duration	{"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2, A5", "pci"=>"4.1, 6.5.4"}	low
HTTP TRACE method enabled	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5"}	low
Inclusion of cryptocurrency mining script	{"owasp10"=>"A8"}	high
Insecure browser XSS protection enabled	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5"}	low
Insecure Content Security Policy	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5"}	low
Insecure crossdomain.xml policy	{"ISO 27001"=>"A.8.2, A.8.3, A.8.9, A.8.26", "owasp10"=>"A5"}	low
Insecure PHP Object deserialization	{"ISO 27001"=>"A.8.26", "owasp10"=>"A8"}	high
Insecure referrer policy	{"ISO 27001"=>"A.8.9", "owasp10"=>"A2, A5"}	low
Insecure Silverlight clientaccesspolicy.xml policy	{"ISO 27001"=>"A.8.2, A.8.3, A.8.9", "owasp10"=>"A5"}	high
Insecure SSL protocol version 2 supported	{"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"}	medium
Insecure SSL protocol version 3 supported	{"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"}	medium
Invalid referrer policy	{"ISO 27001"=>"A.8.9", "owasp10"=>"A2, A5"}	low
Joomla! version with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	high
jPlayer library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
JQuery library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
JQuery Migrate library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
JQuery Mobile library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
jQuery UI library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
JSZip library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
JWT accepting none algorithm	{"ISO 27001"=>"A.8.2, A.8.3, A.8.5, A.8.24, A.8.26", "owasp10"=>"A8"}	high
JWT algorithm confusion	{"ISO 27001"=>"A.8.2, A.8.3, A.8.5, A.8.24, A.8.26", "owasp10"=>"A8"}	high
JWT signature is not being verified	{"ISO 27001"=>"A.8.2, A.8.3, A.8.5, A.8.24, A.8.26", "owasp10"=>"A8"}	high
Knockout library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
Log file disclosure	{"ISO 27001"=>"A.8.9, A.8.15", "owasp10"=>"A5"}	low
Log4Shell	{"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.9, A.8.12", "owasp10"=>"A3", "pci"=>"6.5.1"}	high
Missing clickjacking protection	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5"}	low
Missing Content Security Policy header	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5"}	low
Missing cross-site request forgery protection	{"ISO 27001"=>"A.8.2, A.8.3, A.8.26", "owasp10"=>"A7", "pci"=>"6.5.9, 6.5.10"}	low
Missing redirect to HTTPS	{}	low
Mixed content	{"ISO 27001"=>"A.5.14, A.8.24, A.8.26", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"}	low
Moment.js library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
MongoDB Injection	{"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.12, A.8.26", "owasp10"=>"A3", "pci"=>"6.5.1"}	high
Mustache library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
Next.js library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
Open redirection	{"ISO 27001"=>"A.8.26"}	low
OS command injection	{"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.12, A.8.26", "owasp10"=>"A3", "pci"=>"6.5.1"}	high
Path traversal	{"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.4, A.8.12, A.8.26", "owasp10"=>"A1", "pci"=>"6.5.8"}	high
PHP code injection	{"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.12, A.8.26", "owasp10"=>"A3", "pci"=>"6.5.1"}	high
Plupload library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
Potential DoS on TLS Client Renegotiation	{"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"}	low
prettyPhoto library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6"}	low
Private IP addresses disclosed	{"ISO 27001"=>"A.5.33, A.8.4, A.8.9, A.8.12", "owasp10"=>"A1, A5"}	low
Prototype library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
Python code injection	{"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.12, A.8.26", "owasp10"=>"A3", "pci"=>"6.5.1"}	high
React library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
Referrer policy not defined	{"ISO 27001"=>"A.8.9", "owasp10"=>"A2, A5"}	low
Reflected cross-site scripting	{"ISO 27001"=>"A.8.26", "owasp10"=>"A3", "pci"=>"6.5.7"}	high
Remote File Inclusion	{"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.4, A.8.12, A.8.26", "pci"=>"6.5.1"}	high
Ruby code injection	{"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.12, A.8.26", "pci"=>"6.5.1"}	high
Secure Renegotiation is not supported	{"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"}	low
Secure TLS protocol version 1.2 not supported	{"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"}	low
Server Cipher Order not configured	{"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"}	high
Server-side JavaScript injection	{"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.12, A.8.26", "owasp10"=>"A3", "pci"=>"6.5.1"}	high
Server-side request forgery	{"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.4, A.8.12, A.8.26", "owasp10"=>"A10", "pci"=>"6.5.1"}	high
Server-side template injection	{"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.12, A.8.26", "owasp10"=>"A3", "pci"=>"6.5.1"}	high
Session Token in URL	{"ISO 27001"=>"A.8.2, A.8.3, A.8.26", "owasp10"=>"A2, A7", "pci"=>"6.5.10"}	medium
Sessvars library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
Spring Cloud SPEL Code Injection (CVE-2022-22963)	{"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.9, A.8.12"}	high
Spring4Shell	{"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.9, A.8.12"}	high
SQL Injection	{"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.12, A.8.26", "owasp10"=>"A3", "pci"=>"6.5.1"}	high
SSL cookie without Secure flag	{"ISO 27001"=>"A.8.26", "owasp10"=>"A2, A7", "pci"=>"6.5.10"}	low
Stored cross-site scripting	{"ISO 27001"=>"A.8.26", "owasp10"=>"A3", "pci"=>"6.5.7"}	high
Svelte library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
SWFObject library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
TinyMCE library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5", "pci"=>"6.2"}	low
TLS certificate about to expire	{"ISO 27001"=>"A.8.9", "owasp10"=>"A2"}	low
TLS Downgrade attack prevention not supported	{"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"}	low
Underscore.js library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
Unencrypted communications	{"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"}	high
Untrusted TLS certificate	{"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"}	medium
Using jwk parameter to verify JWTs	{"ISO 27001"=>"A.8.2, A.8.3, A.8.5, A.8.24, A.8.26", "owasp10"=>"A8"}	high
Vue.js library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low
Weak cipher suites enabled	{"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"}	medium
Weak JWT HMAC secret	{"ISO 27001"=>"A.8.2, A.8.3, A.8.5, A.8.24, A.8.26", "owasp10"=>"A8"}	high
WordPress plugin with known vulnerabilities	{"owasp10"=>"A5, A6", "pci"=>"6.2"}	high
WordPress version with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	high
XML external entity injection	{"ISO 27001"=>"A.8.9, A.8.26", "owasp10"=>"A5"}	high
YUI library with known vulnerabilities	{"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"}	low