Vulnerability Name CVE Severity
(Possible) Cross site scripting
.htaccess File Detected
Access-Control-Allow-Origin header with wildcard (*) value
Content Security Policy (CSP) Not Implemented
Content Security Policy Misconfiguration
Cookies with Secure flag set over insecure connection
Error page web server version disclosure
Express express-session weak secret key
File Upload Functionality Detected
Generic Email Address Disclosure
HTTP Strict Transport Security (HSTS) Errors and Warnings
Insecure Referrer Policy
Javascript Source map detected
JVM version leakage
Microsoft Frontpage configuration information
Oracle JRE CVE-2012-0547 Vulnerability (CVE-2012-0547) CVE-2012-0547
Oracle JRE Other Vulnerability (CVE-2012-5085) CVE-2012-5085
Outdated JavaScript libraries
Permissions-Policy header not implemented
Retired hash function in SAML Response
Reverse Proxy Detected
Subresource Integrity (SRI) Not Implemented
TLS/SSL (EC)DHE Key Reuse
Typo3 Admin publicly accessible
Version Disclosure (IIS)
Web Application Firewall Detected
WebDAV Enabled
Web server default welcome page
WordPress readme.html file
WordPress user registration enabled
[Possible] Internal Path Disclosure (*nix)
[Possible] Internal Path Disclosure (Windows)
[Possible] WS_FTP Log File Detected