Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Arbitrary File Read Arbitrary File Write Authentication Bypass BOLA Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilitie Known Vulnerabilities Ldap Injection Malware Missing Update Path Traversal Privilege Escalation Remote Code Execution SSRF SSTI Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity (Possible) Cross site scripting CWE-79 CWE-79 Informational .htaccess File Detected CWE-443 CWE-443 Informational Access-Control-Allow-Origin header with wildcard (*) value CWE-284 CWE-284 Informational An Unsafe Content Security Policy (CSP) Directive in Use CWE-16 CWE-16 Informational Apple's App-Site Association (AASA) file CWE-200 CWE-200 Informational Content-Security-Policy-Report-Only Cannot Be Declared Between META Tags CWE-16 CWE-16 Informational Content-Security-Policy-Report-Only Cannot Be Declared Without report-uri Directive CWE-16 CWE-16 Informational Content Security Policy (CSP) Contains Out of Scope report-uri Domain CWE-16 CWE-16 Informational Content Security Policy (CSP) Keywords Not Used Within Single Quotes CWE-16 CWE-16 Informational Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes CWE-16 CWE-16 Informational Content Security Policy (CSP) Nonce Without Matching Script Block CWE-16 CWE-16 Informational Content Security Policy (CSP) Not Implemented CWE-1021 CWE-1021 Informational Content Security Policy (CSP) report-uri Uses HTTP CWE-16 CWE-16 Informational Content Security Policy Misconfiguration CWE-16 CWE-16 Informational Cookies with Secure flag set over insecure connection CWE-16 CWE-16 Informational data: Used in a Content Security Policy (CSP) Directive CWE-16 CWE-16 Informational default-src Used in Content Security Policy (CSP) CWE-16 CWE-16 Informational Deprecated Header Instruction Used to Implement Content Security Policy (CSP) CWE-16 CWE-16 Informational Error page web server version disclosure CWE-200 CWE-200 Informational Express express-session weak secret key CWE-693 CWE-693 Informational File Upload Functionality Detected Informational Generic Email Address Disclosure CWE-200 CWE-200 Informational HTTP Strict Transport Security (HSTS) Errors and Warnings CWE-16 CWE-16 Informational Incorrect Content Security Policy (CSP) Implementation CWE-16 CWE-16 Informational Insecure Protocol Detected in Content Security Policy (CSP) CWE-16 CWE-16 Informational Insecure Referrer Policy CWE-16 CWE-16 Informational Insecure Transportation Security Protocol Supported (TLS 1.1) CWE-326 CWE-326 Informational Invalid Content Security Policy (CSP) Directive Identified in meta Elements CWE-16 CWE-16 Informational Javascript Source map detected CWE-16 CWE-16 Informational JVM version leakage CWE-200 CWE-200 Informational Magento 2.0-2.3 End of life CWE-1104 CWE-1104 Informational Microsoft Frontpage configuration information CWE-200 CWE-200 Informational Missing object-src in CSP Declaration CWE-16 CWE-16 Informational Multiple Content Security Policy (CSP) Implementation Detected CWE-16 CWE-16 Informational Nonce Usage Detected in Content Security Policy (CSP) Directive CWE-16 CWE-16 Informational No Script Block Detected with the Hash Value Declared in Content Security Policy (CSP) CWE-16 CWE-16 Informational Oracle JRE CVE-2012-0547 Vulnerability (CVE-2012-0547) CVE-2012-0547 Informational Oracle JRE Other Vulnerability (CVE-2012-5085) CVE-2012-5085 Informational Outdated JavaScript libraries CWE-937 CWE-937 Informational Permissions-Policy header not implemented CWE-1021 CWE-1021 Informational Retired hash function in SAML Response CWE-16 CWE-16 Informational Reverse Proxy Detected CWE-16 CWE-16 Informational Scheme URI Detected in Content Security Policy (CSP) Directive CWE-16 CWE-16 Informational Static Nonce Identified in Content Security Policy (CSP) CWE-16 CWE-16 Informational Subresource Integrity (SRI) Not Implemented CWE-830 CWE-830 Informational TLS/SSL (EC)DHE Key Reuse CWE-310 CWE-310 Informational Typo3 Admin publicly accessible CWE-200 CWE-200 Informational Unsupported Hash Detected in Content Security Policy (CSP) CWE-16 CWE-16 Informational Weak Nonce Detected in Content Security Policy (CSP) Declaration CWE-16 CWE-16 Informational Web Application Firewall Detected CWE-16 CWE-16 Informational WebDAV Enabled CWE-16 CWE-16 Informational Web server default welcome page CWE-200 CWE-200 Informational Wildcard Detected in Domain Portion of Content Security Policy (CSP) Directive CWE-16 CWE-16 Informational Wildcard Detected in Port Portion of Content Security Policy (CSP) Directive CWE-16 CWE-16 Informational Wildcard Detected in Scheme Portion of Content Security Policy (CSP) Directive CWE-16 CWE-16 Informational WordPress readme.html file CWE-200 CWE-200 Informational WordPress user registration enabled CWE-16 CWE-16 Informational [Possible] Internal Path Disclosure (*nix) CWE-200 CWE-200 Informational [Possible] Internal Path Disclosure (Windows) CWE-200 CWE-200 Informational [Possible] WS_FTP Log File Detected CWE-538 CWE-538 Informational
