| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| (Possible) Cross site scripting | | CWE-79 | Informational |
| .htaccess File Detected | | CWE-443 | Informational |
| Access-Control-Allow-Origin header with wildcard (*) value | | CWE-284 | Informational |
| Content Security Policy (CSP) Not Implemented | | CWE-1021 | Informational |
| Content Security Policy Misconfiguration | | CWE-16 | Informational |
| Cookies with Secure flag set over insecure connection | | CWE-16 | Informational |
| Error page web server version disclosure | | CWE-200 | Informational |
| Express express-session weak secret key | | CWE-693 | Informational |
| File Upload Functionality Detected | | CWE-16 | Informational |
| Generic Email Address Disclosure | | CWE-200 | Informational |
| HTTP Strict Transport Security (HSTS) Errors and Warnings | | CWE-16 | Informational |
| Insecure Referrer Policy | | CWE-16 | Informational |
| Javascript Source map detected | | CWE-16 | Informational |
| JVM version leakage | | CWE-200 | Informational |
| Microsoft Frontpage configuration information | | CWE-200 | Informational |
| Oracle JRE CVE-2012-0547 Vulnerability (CVE-2012-0547) | CVE-2012-0547 | | Informational |
| Oracle JRE Other Vulnerability (CVE-2012-5085) | CVE-2012-5085 | | Informational |
| Outdated JavaScript libraries | | CWE-937 | Informational |
| Permissions-Policy header not implemented | | CWE-1021 | Informational |
| Retired hash function in SAML Response | | CWE-16 | Informational |
| Reverse Proxy Detected | | CWE-16 | Informational |
| Subresource Integrity (SRI) Not Implemented | | CWE-830 | Informational |
| TLS/SSL (EC)DHE Key Reuse | | CWE-310 | Informational |
| Typo3 Admin publicly accessible | | CWE-200 | Informational |
| Version Disclosure (IIS) | | CWE-200 | Informational |
| Web Application Firewall Detected | | CWE-16 | Informational |
| WebDAV Enabled | | CWE-16 | Informational |
| Web server default welcome page | | CWE-200 | Informational |
| WordPress readme.html file | | CWE-200 | Informational |
| WordPress user registration enabled | | CWE-16 | Informational |
| [Possible] Internal Path Disclosure (*nix) | | CWE-200 | Informational |
| [Possible] Internal Path Disclosure (Windows) | | CWE-200 | Informational |
| [Possible] WS_FTP Log File Detected | | CWE-538 | Informational |