| Vulnerability Name | CVE | Severity |
| --- | --- | --- |
| ColdFusion WDDX Deserialization RCE (CVE-2023-29300/CVE-2023-38203/CVE-2023-38204) | CVE-2023-29300, CVE-2023-38203, CVE-2023-38204 | |
| ColdFusion WDDX Deserialization RCE (CVE-2023-44353) | CVE-2023-44353 | |
| ColdFusion XSS (CVE-2023-44352) | CVE-2023-44352 | |
| Collabtive Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-5285) | CVE-2010-5285 | |
| Collabtive Improper Input Validation Vulnerability (CVE-2012-2670) | CVE-2012-2670 | |
| Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5284) | CVE-2010-5284 | |
| Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-3247) | CVE-2014-3247 | |
| Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8935) | CVE-2019-8935 | |
| Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13655) | CVE-2020-13655 | |
| Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3298) | CVE-2021-3298 | |
| Collabtive Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-4269) | CVE-2010-4269 | |
| Collabtive Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-6872) | CVE-2013-6872 | |
| Collabtive Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-3246) | CVE-2014-3246 | |
| Collabtive Improper Privilege Management Vulnerability (CVE-2013-5027) | CVE-2013-5027 | |
| Collabtive Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2015-0258) | CVE-2015-0258 | |
| Command Injection | | |
| Composer installed.json publicly accessible | | |
| concrete5 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-8082) | CVE-2017-8082 | |
| concrete5 CVE-2020-14961 Vulnerability (CVE-2020-14961) | CVE-2020-14961 | |
| concrete5 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-5107) | CVE-2014-5107 | |
| concrete5 Improper Input Validation Vulnerability (CVE-2017-18195) | CVE-2017-18195 | |
| concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5181) | CVE-2012-5181 | |
| concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-5108) | CVE-2014-5108 | |
| concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-9526) | CVE-2014-9526 | |
| concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-2250) | CVE-2015-2250 | |
| concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-3989) | CVE-2015-3989 | |
| concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-4721) | CVE-2015-4721 | |
| concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6905) | CVE-2017-6905 | |
| concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6908) | CVE-2017-6908 | |
| concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7725) | CVE-2017-7725 | |
| concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19146) | CVE-2018-19146 | |
| concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3111) | CVE-2021-3111 | |
| concrete5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-4724) | CVE-2015-4724 | |
| concrete5 Server-Side Request Forgery (SSRF) Vulnerability (CVE-2018-13790) | CVE-2018-13790 | |
| concrete5 Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-22958) | CVE-2021-22958 | |
| concrete5 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-11476) | CVE-2020-11476 | |
| concrete5 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-24986) | CVE-2020-24986 | |
| Configuration file disclosure | | |
| Configuration file source code disclosure | | |
| Confluence Widget Connector SSTI | CVE-2019-3396 | |
| Consul API publicly exposed | | |
| Contao Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-1297) | CVE-2012-1297 | |
| Contao Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10642) | CVE-2019-10642 | |
| Contao CVE-2018-20028 Vulnerability (CVE-2018-20028) | CVE-2018-20028 | |
| Contao Deserialization of Untrusted Data Vulnerability (CVE-2014-1860) | CVE-2014-1860 | |
| Contao Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-37626) | CVE-2021-37626 | |
| Contao Improper Encoding or Escaping of Output Vulnerability (CVE-2019-19714) | CVE-2019-19714 | |
| Contao Improper Input Validation Vulnerability (CVE-2020-25768) | CVE-2020-25768 | |
| Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2015-0269) | CVE-2015-0269 | |
| Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-10993) | CVE-2017-10993 | |
| Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-29200) | CVE-2023-29200 | |
| Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0508) | CVE-2011-0508 | |
| Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4335) | CVE-2011-4335 | |
| Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5478) | CVE-2018-5478 | |
| Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-10125) | CVE-2018-10125 | |
| Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35210) | CVE-2021-35210 | |
| Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35955) | CVE-2021-35955 | |
| Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-24899) | CVE-2022-24899 | |
| Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-36806) | CVE-2023-36806 | |
| Contao Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-4383) | CVE-2012-4383 | |
| Contao Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-16558) | CVE-2017-16558 | |
| Contao Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-11512) | CVE-2019-11512 | |
| Contao Improper Privilege Management Vulnerability (CVE-2021-37627) | CVE-2021-37627 | |
| Contao Incorrect Default Permissions Vulnerability (CVE-2019-19712) | CVE-2019-19712 | |
| Contao Key Management Errors Vulnerability (CVE-2019-10643) | CVE-2019-10643 | |
| Contao Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-19745) | CVE-2019-19745 | |
| Contao Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-10641) | CVE-2019-10641 | |
| Content-Security-Policy-Report-Only Cannot Be Declared Between META Tags | | |
| Content-Security-Policy-Report-Only Cannot Be Declared Without report-uri Directive | | |
| Content Security Policy (CSP) Contains Out of Scope report-uri Domain | | |
| Content Security Policy (CSP) Keywords Not Used Within Single Quotes | | |
| Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes | | |
| Content Security Policy (CSP) Nonce Without Matching Script Block | | |
| Content Security Policy (CSP) Not Implemented | | |
| Content Security Policy (CSP) report-uri Uses HTTP | | |