Medium Severity Vulnerabilities

Vulnerability Name	CVE CWE	CWE	Severity
Joomla Other Vulnerability (CVE-2006-1048)	CVE-2006-1048		Medium
Joomla Other Vulnerability (CVE-2006-1956)	CVE-2006-1956		Medium
Joomla Other Vulnerability (CVE-2006-3480)	CVE-2006-3480		Medium
Joomla Other Vulnerability (CVE-2006-4473)	CVE-2006-4473		Medium
Joomla Other Vulnerability (CVE-2006-4474)	CVE-2006-4474		Medium
Joomla Other Vulnerability (CVE-2006-6834)	CVE-2006-6834		Medium
Joomla Other Vulnerability (CVE-2007-4185)	CVE-2007-4185		Medium
Joomla Other Vulnerability (CVE-2023-23752)	CVE-2023-23752		Medium
Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-0114)	CVE-2006-0114 CWE-264	CWE-264	Medium
Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3226)	CVE-2008-3226 CWE-264	CWE-264	Medium
Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1599)	CVE-2012-1599 CWE-264	CWE-264	Medium
Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1611)	CVE-2012-1611 CWE-264	CWE-264	Medium
Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-3056)	CVE-2013-3056 CWE-264	CWE-264	Medium
Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-3057)	CVE-2013-3057 CWE-264	CWE-264	Medium
Joomla Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2006-4471)	CVE-2006-4471 CWE-434	CWE-434	Medium
Joomla Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2011-4907)	CVE-2011-4907 CWE-434	CWE-434	Medium
Joomla Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-7989)	CVE-2017-7989 CWE-434	CWE-434	Medium
Joomla URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2015-5608)	CVE-2015-5608 CWE-601	CWE-601	Medium
Joomla URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-24598)	CVE-2020-24598 CWE-601	CWE-601	Medium
Joomla URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-23798)	CVE-2022-23798 CWE-601	CWE-601	Medium
jPlayer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-1942)	CVE-2013-1942 CWE-707	CWE-707	Medium
jPlayer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-2022)	CVE-2013-2022 CWE-707	CWE-707	Medium
jPlayer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-2023)	CVE-2013-2023 CWE-707	CWE-707	Medium
jQuery Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2019-11358)	CVE-2019-11358 CWE-1321	CWE-1321	Medium
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4969)	CVE-2011-4969 CWE-707	CWE-707	Medium
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-6708)	CVE-2012-6708 CWE-707	CWE-707	Medium
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-6071)	CVE-2014-6071 CWE-707	CWE-707	Medium
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-9251)	CVE-2015-9251 CWE-707	CWE-707	Medium
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18405)	CVE-2018-18405 CWE-707	CWE-707	Medium
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-7656)	CVE-2020-7656 CWE-707	CWE-707	Medium
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11022)	CVE-2020-11022 CWE-707	CWE-707	Medium
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11023)	CVE-2020-11023 CWE-707	CWE-707	Medium
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-23064)	CVE-2020-23064 CWE-707	CWE-707	Medium
jQuery PrettyPhoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-9478)	CVE-2015-9478 CWE-707	CWE-707	Medium
jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5312)	CVE-2010-5312 CWE-707	CWE-707	Medium
jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41182)	CVE-2021-41182 CWE-707	CWE-707	Medium
jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41183)	CVE-2021-41183 CWE-707	CWE-707	Medium
jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41184)	CVE-2021-41184 CWE-707	CWE-707	Medium
jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31160)	CVE-2022-31160 CWE-707	CWE-707	Medium
JQuery UI Cross-site Scripting (XSS) Vulnerability (CVE-2016-7103)	CVE-2016-7103		Medium
jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5312)	CVE-2010-5312 CWE-707	CWE-707	Medium
jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41182)	CVE-2021-41182 CWE-707	CWE-707	Medium
jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41183)	CVE-2021-41183 CWE-707	CWE-707	Medium
jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41184)	CVE-2021-41184 CWE-707	CWE-707	Medium
jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31160)	CVE-2022-31160 CWE-707	CWE-707	Medium
jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5312)	CVE-2010-5312 CWE-707	CWE-707	Medium
jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41182)	CVE-2021-41182 CWE-707	CWE-707	Medium
jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41183)	CVE-2021-41183 CWE-707	CWE-707	Medium
jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41184)	CVE-2021-41184 CWE-707	CWE-707	Medium
jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31160)	CVE-2022-31160 CWE-707	CWE-707	Medium
JSF ViewState client side storage	CWE-693	CWE-693	Medium
JSONP enabled by default in MappingJackson2JsonView	CVE-2018-11040 CWE-538	CWE-538	Medium
jszip CVE-2021-23413 Vulnerability (CVE-2021-23413)	CVE-2021-23413		Medium
Keycloak clients-registrations XSS (CVE-2021-20323)	CVE-2021-20323 CWE-79	CWE-79	Medium
KeyCloak Information Disclosure (CVE-2020-27838)	CVE-2020-27838 CWE-287	CWE-287	Medium
Keycloak request_uri SSRF (CVE-2020-10770)	CVE-2020-10770 CWE-918	CWE-918	Medium
Knockout.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14862)	CVE-2019-14862 CWE-707	CWE-707	Medium
Laravel debug mode enabled	CWE-200	CWE-200	Medium
Laravel debug mode enabled (AcuSensor)	CWE-16	CWE-16	Medium
Laravel framework weak secret key	CWE-693	CWE-693	Medium
Laravel Health Monitor open	CWE-200	CWE-200	Medium
Laravel Horizon open	CWE-200	CWE-200	Medium
Laravel Ignition Reflected Cross-Site Scripting	CWE-80	CWE-80	Medium
Laravel log file publicly accessible	CWE-538	CWE-538	Medium
Laravel LogViewer open	CWE-200	CWE-200	Medium
Laravel Telescope open	CWE-200	CWE-200	Medium
Liferay DXP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-25143)	CVE-2024-25143 CWE-770	CWE-770	Medium
Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2022-42129)	CVE-2022-42129 CWE-639	CWE-639	Medium
Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-8980)	CVE-2024-8980 CWE-352	CWE-352	Medium
Liferay DXP CVE-2021-29041 Vulnerability (CVE-2021-29041)	CVE-2021-29041		Medium
Liferay DXP CVE-2021-33330 Vulnerability (CVE-2021-33330)	CVE-2021-33330		Medium
Liferay DXP CVE-2022-42126 Vulnerability (CVE-2022-42126)	CVE-2022-42126		Medium
Liferay DXP Excessive Iteration Vulnerability (CVE-2024-25144)	CVE-2024-25144 CWE-834	CWE-834	Medium
Liferay DXP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-42132)	CVE-2022-42132 CWE-200	CWE-200	Medium
Liferay DXP Improper Certificate Validation Vulnerability (CVE-2022-42131)	CVE-2022-42131 CWE-295	CWE-295	Medium

Joomla Other Vulnerability (CVE-2006-1048)

CVE-2006-1048

Medium

Joomla Other Vulnerability (CVE-2006-1956)

CVE-2006-1956

Medium

Joomla Other Vulnerability (CVE-2006-3480)

CVE-2006-3480

Medium

Joomla Other Vulnerability (CVE-2006-4473)

CVE-2006-4473

Medium

Joomla Other Vulnerability (CVE-2006-4474)

CVE-2006-4474

Medium

Joomla Other Vulnerability (CVE-2006-6834)

CVE-2006-6834

Medium

Joomla Other Vulnerability (CVE-2007-4185)

CVE-2007-4185

Medium

Joomla Other Vulnerability (CVE-2023-23752)

CVE-2023-23752

Medium

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-0114)

CVE-2006-0114

CWE-264

Medium

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3226)

CVE-2008-3226

CWE-264

Medium

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1599)

CVE-2012-1599

CWE-264

Medium

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1611)

CVE-2012-1611

CWE-264

Medium

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-3056)

CVE-2013-3056

CWE-264

Medium

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-3057)

CVE-2013-3057

CWE-264

Medium

Joomla Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2006-4471)

CVE-2006-4471

CWE-434

Medium

Joomla Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2011-4907)

CVE-2011-4907

CWE-434

Medium

Joomla Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-7989)

CVE-2017-7989

CWE-434

Medium

Joomla URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2015-5608)

CVE-2015-5608

CWE-601

Medium

Joomla URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-24598)

CVE-2020-24598

CWE-601

Medium

Joomla URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-23798)

CVE-2022-23798

CWE-601

Medium

jPlayer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-1942)

CVE-2013-1942

CWE-707

Medium

jPlayer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-2022)

CVE-2013-2022

CWE-707

Medium

jPlayer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-2023)

CVE-2013-2023

CWE-707

Medium

jQuery Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2019-11358)

CVE-2019-11358

CWE-1321

Medium

jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4969)

CVE-2011-4969

CWE-707

Medium

jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-6708)

CVE-2012-6708

CWE-707

Medium

jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-6071)

CVE-2014-6071

CWE-707

Medium

jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-9251)

CVE-2015-9251

CWE-707

Medium

jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18405)

CVE-2018-18405

CWE-707

Medium

jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-7656)

CVE-2020-7656

CWE-707

Medium

jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11022)

CVE-2020-11022

CWE-707

Medium

jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11023)

CVE-2020-11023

CWE-707

Medium

jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-23064)

CVE-2020-23064

CWE-707

Medium

jQuery PrettyPhoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-9478)

CVE-2015-9478

CWE-707

Medium

jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5312)

CVE-2010-5312

CWE-707

Medium

jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41182)

CVE-2021-41182

CWE-707

Medium

jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41183)

CVE-2021-41183

CWE-707

Medium

jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41184)

CVE-2021-41184

CWE-707

Medium

jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31160)

CVE-2022-31160

CWE-707

Medium

JQuery UI Cross-site Scripting (XSS) Vulnerability (CVE-2016-7103)

CVE-2016-7103

Medium

jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5312)

CVE-2010-5312

CWE-707

Medium

jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41182)

CVE-2021-41182

CWE-707

Medium

jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41183)

CVE-2021-41183

CWE-707

Medium

jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41184)

CVE-2021-41184

CWE-707

Medium

jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31160)

CVE-2022-31160

CWE-707

Medium

jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5312)

CVE-2010-5312

CWE-707

Medium

jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41182)

CVE-2021-41182

CWE-707

Medium

jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41183)

CVE-2021-41183

CWE-707

Medium

jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41184)

CVE-2021-41184

CWE-707

Medium

jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31160)

CVE-2022-31160

CWE-707

Medium

JSF ViewState client side storage

CWE-693

Medium

JSONP enabled by default in MappingJackson2JsonView

CVE-2018-11040

CWE-538

Medium

jszip CVE-2021-23413 Vulnerability (CVE-2021-23413)

CVE-2021-23413

Medium

Keycloak clients-registrations XSS (CVE-2021-20323)

CVE-2021-20323

CWE-79

Medium

KeyCloak Information Disclosure (CVE-2020-27838)

CVE-2020-27838

CWE-287

Medium

Keycloak request_uri SSRF (CVE-2020-10770)

CVE-2020-10770

CWE-918

Medium

Knockout.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14862)

CVE-2019-14862

CWE-707

Medium

Laravel debug mode enabled

CWE-200

Medium

Laravel debug mode enabled (AcuSensor)

CWE-16

Medium

Laravel framework weak secret key

CWE-693

Medium

Laravel Health Monitor open

CWE-200

Medium

Laravel Horizon open

CWE-200

Medium

Laravel Ignition Reflected Cross-Site Scripting

CWE-80

Medium

Laravel log file publicly accessible

CWE-538

Medium

Laravel LogViewer open

CWE-200

Medium

Laravel Telescope open

CWE-200

Medium

Liferay DXP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-25143)

CVE-2024-25143

CWE-770

Medium

Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2022-42129)

CVE-2022-42129

CWE-639

Medium

Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-8980)

CVE-2024-8980

CWE-352

Medium

Liferay DXP CVE-2021-29041 Vulnerability (CVE-2021-29041)

CVE-2021-29041

Medium

Liferay DXP CVE-2021-33330 Vulnerability (CVE-2021-33330)

CVE-2021-33330

Medium

Liferay DXP CVE-2022-42126 Vulnerability (CVE-2022-42126)

CVE-2022-42126

Medium

Liferay DXP Excessive Iteration Vulnerability (CVE-2024-25144)

CVE-2024-25144

CWE-834

Medium

Liferay DXP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-42132)

CVE-2022-42132

CWE-200

Medium

Liferay DXP Improper Certificate Validation Vulnerability (CVE-2022-42131)

CVE-2022-42131

CWE-295

Medium

Medium Severity Vulnerabilities

Severity

Vulnerability Categories

Still Have Questions?

Take action and discover your vulnerabilities