Severity High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Authentication Bypass Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial Of Service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilities Ldap Injection Malware Missing Update Privilege Escalation SSRF Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity (Possible) Cross site scripting CWE-79 CWE-79 Informational Access-Control-Allow-Origin header with wildcard (*) value CWE-284 CWE-284 Informational Content Security Policy (CSP) not implemented CWE-1021 CWE-1021 Informational Content Security Policy Misconfiguration CWE-16 CWE-16 Informational Content type is not specified CWE-16 CWE-16 Informational Cookies with Secure flag set over insecure connection CWE-16 CWE-16 Informational Email addresses CWE-200 CWE-200 Informational Error page web server version disclosure CWE-200 CWE-200 Informational Express express-session weak secret key CWE-693 CWE-693 Informational File uploads CWE-16 CWE-16 Informational HTTP Strict Transport Security (HSTS) not following best practices CWE-16 CWE-16 Informational Insecure Referrer Policy CWE-16 CWE-16 Informational Internal IP address disclosure CWE-200 CWE-200 Informational Javascript Source map detected CWE-16 CWE-16 Informational JVM version leakage CWE-200 CWE-200 Informational Microsoft Frontpage configuration information CWE-200 CWE-200 Informational Microsoft IIS version disclosure CWE-200 CWE-200 Informational No HTTP Redirection CWE-16 CWE-16 Informational Outdated JavaScript libraries CWE-937 CWE-937 Informational Permissions-Policy header not implemented CWE-1021 CWE-1021 Informational PHP Version Disclosure Informational Possible server path disclosure (Unix) CWE-200 CWE-200 Informational Possible server path disclosure (Windows) CWE-200 CWE-200 Informational Possible username or password disclosure CWE-200 CWE-200 Informational Retired hash function in SAML Response CWE-16 CWE-16 Informational Reverse proxy detected CWE-16 CWE-16 Informational Subresource Integrity (SRI) not implemented CWE-830 CWE-830 Informational TLS/SSL (EC)DHE Key Reuse CWE-310 CWE-310 Informational Typo3 Admin publicly accessible CWE-200 CWE-200 Informational Web Application Firewall detected CWE-16 CWE-16 Informational Web server default welcome page CWE-200 CWE-200 Informational WordPress readme.html file CWE-200 CWE-200 Informational WordPress user registration enabled CWE-16 CWE-16 Informational