| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| CRIME SSL/TLS attack | CVE-2012-4929 | CWE-310 | Medium |
| CRLF injection/HTTP response splitting (Web Server) | | CWE-113 | Medium |
| Cross-Site Request Forgery (CSRF) (CMS Made Simple) | CVE-2016-7904 | CWE-352 | Medium |
| Cross-site Scripting | | CWE-79 | High |
| Cross-site Scripting (DOM based) | | CWE-79 | High |
| Cross-site Scripting via File Upload | | CWE-79 | High |
| Cross-site Scripting via Remote File Inclusion | | CWE-79 | High |
| Cross-site scripting vulnerability in Google Web Toolkit | CVE-2012-4563 | CWE-80 | High |
| Cross-site scripting vulnerability in Google Web Toolkit (CVE-2012-5920) | CVE-2012-5920 | CWE-80 | High |
| Cross frame scripting | | CWE-79 | Medium |
| Cross Site Scripting (Category Description) (CMS Made Simple) | CVE-2017-6555 | CWE-79 | Medium |
| Cross Site Scripting (globalmetadata) (CMS Made Simple) | CVE-2017-6556 | CWE-79 | Medium |
| Cross site scripting (requiring unencoded quote) | | CWE-79 | Low |
| Cross site scripting (XSS) in ASP.NET via ResolveUrl | | CWE-79 | High |
| Cross site scripting in HTTP-01 ACME challenge implementation | | CWE-79 | High |
| Cross site scripting via Bootstrap | | CWE-79 | High |
| CrushFTP Server Deserialization of Untrusted Data Vulnerability (CVE-2017-14035) | CVE-2017-14035 | CWE-502 | Critical |
| CrushFTP Server Improper Control of Dynamically-Managed Code Resources Vulnerability (CVE-2023-43177) | CVE-2023-43177 | CWE-913 | Critical |
| CrushFTP Server Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-4040) | CVE-2024-4040 | CWE-94 | Critical |
| CrushFTP Server Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2017-14037) | CVE-2017-14037 | CWE-707 | Medium |
| CrushFTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-14036) | CVE-2017-14036 | CWE-707 | Medium |
| CrushFTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-44076) | CVE-2021-44076 | CWE-707 | Medium |
| CrushFTP Server Improper Validation of Integrity Check Value Vulnerability (CVE-2023-48795) | CVE-2023-48795 | CWE-354 | Medium |
| CrushFTP Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-14038) | CVE-2017-14038 | CWE-601 | Medium |
| CrushFTP Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-18288) | CVE-2018-18288 | CWE-601 | Medium |
| CrushFTP SSTI (CVE-2024-4040) | CVE-2024-4040 | CWE-94 | Critical |
| CubeCart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-38130) | CVE-2023-38130 | CWE-352 | High |
| CubeCart Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3724) | CVE-2011-3724 | CWE-200 | Medium |
| CubeCart Improper Access Control Vulnerability (CVE-2015-6928) | CVE-2015-6928 | CWE-284 | Medium |
| CubeCart Improper Authentication Vulnerability (CVE-2014-2341) | CVE-2014-2341 | CWE-287 | Medium |
| CubeCart Improper Input Validation Vulnerability (CVE-2012-0865) | CVE-2012-0865 | CWE-20 | Medium |
| CubeCart Improper Input Validation Vulnerability (CVE-2013-1465) | CVE-2013-1465 | CWE-20 | High |
| CubeCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-2090) | CVE-2017-2090 | CWE-22 | Medium |
| CubeCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-2098) | CVE-2017-2098 | CWE-22 | Medium |
| CubeCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-2117) | CVE-2017-2117 | CWE-22 | Medium |
| CubeCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-42428) | CVE-2023-42428 | CWE-22 | Medium |
| CubeCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-47283) | CVE-2023-47283 | CWE-22 | Medium |
| CubeCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-34832) | CVE-2024-34832 | CWE-22 | Critical |
| CubeCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-1550) | CVE-2008-1550 | CWE-707 | Medium |
| CubeCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20703) | CVE-2018-20703 | CWE-707 | Medium |
| CubeCart Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2023-47675) | CVE-2023-47675 | CWE-138 | High |
| CubeCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-4060) | CVE-2009-4060 | CWE-138 | High |
| CubeCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-1931) | CVE-2010-1931 | CWE-138 | High |
| CubeCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-4903) | CVE-2010-4903 | CWE-138 | High |
| CubeCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-20716) | CVE-2018-20716 | CWE-138 | Critical |
| CubeCart Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-3904) | CVE-2009-3904 | CWE-264 | High |
| CubeCart Session Fixation Vulnerability (CVE-2021-33394) | CVE-2021-33394 | CWE-384 | Medium |
| Custom Error Pages Are Not Configured in WEB-INF/web.xml | | CWE-16 | Medium |
| Custom Vulnerability Alert | | CWE-0 | High |
| CVS Detected | | CWE-527 | Medium |
| D-Link NAS Backdoor Account RCE (CVE-2024-3273, CVE-2024-3272) | CVE-2024-3273, CVE-2024-3272 | CWE-77 | Critical |
| D3.js Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-16044) | CVE-2017-16044 | CWE-200 | High |
| data: Used in a Content Security Policy (CSP) Directive | | CWE-16 | Informational |
| Database User Has Admin Privileges | | CWE-267 | High |
| Data Binding Expression Vulnerability in Spring Web Flow | CVE-2017-4971 | CWE-78 | High |
| datatables Cross-site Scripting (XSS) Vulnerability (CVE-2015-6584) | CVE-2015-6584 | | Medium |
| DataTables Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-23445) | CVE-2021-23445 | CWE-707 | Medium |
| DataTables Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-36713) | CVE-2021-36713 | CWE-707 | Medium |
| DataTables Prototype Pollution Vulnerability (CVE-2020-28458) | CVE-2020-28458 | | High |
| default-src Used in Content Security Policy (CSP) | | CWE-16 | Informational |
| Delve Debugger Unauthorized Access Vulnerability | | CWE-200 | High |
| Deprecated Header Instruction Used to Implement Content Security Policy (CSP) | | CWE-16 | Informational |
| Deserialization of Untrusted Data (.NET BinaryFormatter Object Deserialization) | | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) Fastjson | | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) Genson | | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) Jackson | | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) JsonIO | | CWE-502 | High |
| Deserialization of Untrusted Data (Java Object Deserialization) | | CWE-502 | High |
| Deserialization of Untrusted Data (XStream) | | CWE-502 | High |
| Development configuration files | | CWE-538 | Medium |
| Devise weak password | | CWE-200 | High |
| Directory listings | | CWE-538 | Medium |
| Directory traversal | | CWE-22 | High |
| Directory Traversal (lib/translation.functions.php) (CMS Made Simple) v1.6.x | CVE-2010-2797 | CWE-22 | High |
| Directory Traversal (lib/translation.functions.php) (CMS Made Simple) v1.8.x | CVE-2010-2797 | CWE-22 | High |