Vulnerability Name CVE Severity
(Possible) Cross site scripting
Access-Control-Allow-Origin header with wildcard (*) value
Content Security Policy (CSP) not implemented
Content Security Policy Misconfiguration
Content type is not specified
Cookies with Secure flag set over insecure connection
Email addresses
Error page web server version disclosure
Express express-session weak secret key
File uploads
HTTP Strict Transport Security (HSTS) not following best practices
Insecure Referrer Policy
Internal IP address disclosure
JavaScript Source map detected
JVM version leakage
Microsoft FrontPage configuration information
Microsoft IIS version disclosure
No HTTP Redirection
Outdated JavaScript libraries
Permissions-Policy header not implemented
PHP Version Disclosure
Possible server path disclosure (Unix)
Possible server path disclosure (Windows)
Possible username or password disclosure
Retired hash function in SAML Response
Reverse proxy detected
Subresource Integrity (SRI) not implemented
Typo3 Admin publicly accessible
Web Application Firewall detected
Web server default welcome page
WordPress readme.html file
WordPress user registration enabled