Vulnerability Name | Compliance | Severity |
---|---|---|
AngularJS library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
Application error message | {"owasp10"=>"A5", "pci"=>"6.5.5"} | medium |
ASP.NET debugging enabled | {"owasp10"=>"A5", "pci"=>"6.5.5"} | low |
ASP.NET tracing enabled | {"owasp10"=>"A5", "pci"=>"6.5.5"} | high |
ASP.NET ViewState without MAC | {"owasp10"=>"A5"} | low |
Backbone library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
Bootstrap library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
Browser content sniffing allowed | {"owasp10"=>"A5"} | low |
Browser XSS protection disabled | {"owasp10"=>"A5"} | low |
Certificate with insufficient key size or usage, or insecure signature algorithm | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | low |
Certificate without revocation information | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | low |
CKEditor library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
Cookie without HttpOnly flag | {"owasp10"=>"A7", "pci"=>"6.5.10"} | low |
Cross Origin Resource Sharing: Arbitrary Origin Trusted | {"owasp10"=>"A1", "pci"=>"6.5.8"} | low |
Deprecated TLS protocol version 1.0 supported | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | low |
Deprecated TLS protocol version 1.1 supported | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | low |
Directory Listing | {"owasp10"=>"A1"} | low |
Dojo library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
DOMPurify library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
DWR library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
easyXDM library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
Ember library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
Expired TLS certificate | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | medium |
Flowplayer library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
Full path disclosure | {"pci"=>"6.5.5"} | low |
GraphQL Introspection enabled | {"owasp10"=>"A5"} | low |
Handlebars library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
Heartbleed | {"owasp10"=>"A6"} | high |
HSTS header does not protect subdomains | {"owasp10"=>"A2, A5", "pci"=>"4.1, 6.5.4"} | low |
HSTS header not enforced | {"owasp10"=>"A2, A5", "pci"=>"4.1, 6.5.4"} | low |
HSTS header set in HTTP | {"owasp10"=>"A2, A5", "pci"=>"4.1, 6.5.4"} | low |
HSTS header with low duration and no subdomain protection | {"owasp10"=>"A2, A5", "pci"=>"4.1, 6.5.4"} | low |
HSTS header with low duration | {"owasp10"=>"A2, A5", "pci"=>"4.1, 6.5.4"} | low |
HTTP TRACE method enabled | {"owasp10"=>"A5"} | low |
Inclusion of cryptocurrency mining script | {} | high |
Insecure Content Security Policy | {"owasp10"=>"A5"} | low |
Insecure crossdomain.xml policy | {"owasp10"=>"A5"} | low |
Insecure PHP Object deserialization | {"owasp10"=>"A8"} | high |
Insecure referrer policy | {"owasp10"=>"A2, A5"} | low |
Insecure Silverlight clientaccesspolicy.xml policy | {"owasp10"=>"A5"} | high |
Insecure SSL protocol version 2 supported | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | medium |
Insecure SSL protocol version 3 supported | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | medium |
Invalid referrer policy | {"owasp10"=>"A2, A5"} | low |
Joomla! version with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | high |
jPlayer library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
JQuery library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
JQuery Migrate library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
JQuery Mobile library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
jQuery UI library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
Knockout library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
Log file disclosure | {"owasp10"=>"A5"} | low |
Log4Shell | {"owasp10"=>"A3", "pci"=>"6.5.1"} | high |
Missing clickjacking protection | {"owasp10"=>"A5"} | low |
Missing Content Security Policy header | {"owasp10"=>"A5"} | low |
Missing cross-site request forgery protection | {"owasp10"=>"A7", "pci"=>"6.5.9, 6.5.10"} | low |
Missing redirect to HTTPS | {} | low |
Mixed content | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | low |
Moment.js library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
Mustache library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
Open redirection | {} | low |
OS command injection | {"owasp10"=>"A3", "pci"=>"6.5.1"} | high |
Path traversal | {"owasp10"=>"A1", "pci"=>"6.5.8"} | high |
PHP code injection | {"owasp10"=>"A3", "pci"=>"6.5.1"} | high |
Plupload library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
Potential DoS on TLS Client Renegotiation | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | low |
prettyPhoto library with known vulnerabilities | {"owasp10"=>"A5, A6"} | low |
Private IP addresses disclosed | {} | low |
Prototype library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
React library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
Referrer policy not defined | {"owasp10"=>"A2, A5"} | low |
Reflected cross-site scripting | {"owasp10"=>"A3", "pci"=>"6.5.7"} | high |
Remote File Inclusion | {} | high |
Secure Renegotiation is not supported | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | low |
Secure TLS protocol version 1.2 not supported | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | low |
Server Cipher Order not configured | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | high |
Server-side JavaScript injection | {"owasp10"=>"A3", "pci"=>"6.5.1"} | high |
Server-side template injection | {"owasp10"=>"A3", "pci"=>"6.5.1"} | high |
Session Token in URL | {"owasp10"=>"A2, A7", "pci"=>"6.5.10"} | medium |
Sessvars library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
Spring Cloud SPEL Code Injection (CVE-2022-22963) | {} | high |
Spring4Shell | {} | high |
SQL Injection | {"owasp10"=>"A3", "pci"=>"6.5.1"} | high |
SSL cookie without Secure flag | {"owasp10"=>"A2, A7", "pci"=>"6.5.10"} | low |
Stored cross-site scripting | {"owasp10"=>"A3", "pci"=>"6.5.7"} | high |
SWFObject library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
TinyMCE library with known vulnerabilities | {"owasp10"=>"A5", "pci"=>"6.2"} | low |
TLS certificate about to expire | {"owasp10"=>"A2"} | low |
TLS Downgrade attack prevention not supported | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | low |
Unencrypted communications | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | high |
Untrusted TLS certificate | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | medium |
Vue.js library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
Weak cipher suites enabled | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | medium |
WordPress plugin with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | high |
WordPress version with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | high |
XML external entity injection | {"owasp10"=>"A5"} | high |
YUI library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |