Vulnerability Name CVE Severity
(Possible) Cross site scripting
.htaccess File Detected
Access-Control-Allow-Origin header with wildcard (*) value
An Unsafe Content Security Policy (CSP) Directive in Use
Content-Security-Policy-Report-Only Cannot Be Declared Between META Tags
Content-Security-Policy-Report-Only Cannot Be Declared Without report-uri Directive
Content Security Policy (CSP) Contains Out of Scope report-uri Domain
Content Security Policy (CSP) Keywords Not Used Within Single Quotes
Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes
Content Security Policy (CSP) Nonce Without Matching Script Block
Content Security Policy (CSP) Not Implemented
Content Security Policy (CSP) report-uri Uses HTTP
Content Security Policy Misconfiguration
Cookies with Secure flag set over insecure connection
data: Used in a Content Security Policy (CSP) Directive
default-src Used in Content Security Policy (CSP)
Deprecated Header Instruction Used to Implement Content Security Policy (CSP)
Error page web server version disclosure
Express express-session weak secret key
File Upload Functionality Detected
Generic Email Address Disclosure
HTTP Strict Transport Security (HSTS) Errors and Warnings
Incorrect Content Security Policy (CSP) Implementation
Insecure Protocol Detected in Content Security Policy (CSP)
Insecure Referrer Policy
Invalid Content Security Policy (CSP) Directive Identified in meta Elements
Javascript Source map detected
JVM version leakage
Magento 2.0-2.3 End of life
Microsoft Frontpage configuration information
Missing object-src in CSP Declaration
Multiple Content Security Policy (CSP) Implementation Detected
Nonce Usage Detected in Content Security Policy (CSP) Directive
No Script Block Detected with the Hash Value Declared in Content Security Policy (CSP)
Oracle JRE CVE-2012-0547 Vulnerability (CVE-2012-0547) CVE-2012-0547
Oracle JRE Other Vulnerability (CVE-2012-5085) CVE-2012-5085
Outdated JavaScript libraries
Permissions-Policy header not implemented
Retired hash function in SAML Response
Reverse Proxy Detected
Scheme URI Detected in Content Security Policy (CSP) Directive
Static Nonce Identified in Content Security Policy (CSP)
Subresource Integrity (SRI) Not Implemented
TLS/SSL (EC)DHE Key Reuse
Typo3 Admin publicly accessible
Unsupported Hash Detected in Content Security Policy (CSP)
Version Disclosure (IIS)
Weak Nonce Detected in Content Security Policy (CSP) Declaration
Web Application Firewall Detected
WebDAV Enabled
Web server default welcome page
Wildcard Detected in Domain Portion of Content Security Policy (CSP) Directive
Wildcard Detected in Port Portion of Content Security Policy (CSP) Directive
Wildcard Detected in Scheme Portion of Content Security Policy (CSP) Directive
WordPress readme.html file
WordPress user registration enabled
[Possible] Internal Path Disclosure (*nix)
[Possible] Internal Path Disclosure (Windows)
[Possible] WS_FTP Log File Detected