Medium Severity Vulnerabilities

Vulnerability Name	CVE CWE	CWE	Severity
TYPO3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-5103)	CVE-2010-5103 CWE-138	CWE-138	Medium
TYPO3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-6144)	CVE-2012-6144 CWE-138	CWE-138	Medium
TYPO3 Inadequate Encryption Strength Vulnerability (CVE-2010-3670)	CVE-2010-3670 CWE-326	CWE-326	Medium
TYPO3 Insertion of Sensitive Information into Log File Vulnerability (CVE-2021-32767)	CVE-2021-32767 CWE-532	CWE-532	Medium
TYPO3 Insertion of Sensitive Information into Log File Vulnerability (CVE-2022-31047)	CVE-2022-31047 CWE-532	CWE-532	Medium
Typo3 Install Tool publicly accessible	CWE-200	CWE-200	Medium
TYPO3 Insufficient Session Expiration Vulnerability (CVE-2022-23502)	CVE-2022-23502 CWE-613	CWE-613	Medium
TYPO3 Observable Discrepancy Vulnerability (CVE-2022-36105)	CVE-2022-36105 CWE-203	CWE-203	Medium
TYPO3 Other Vulnerability (CVE-2006-0327)	CVE-2006-0327		Medium
TYPO3 Other Vulnerability (CVE-2009-3630)	CVE-2009-3630		Medium
TYPO3 Other Vulnerability (CVE-2012-1605)	CVE-2012-1605		Medium
TYPO3 Other Vulnerability (CVE-2012-3530)	CVE-2012-3530		Medium
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2717)	CVE-2008-2717 CWE-264	CWE-264	Medium
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3717)	CVE-2010-3717 CWE-264	CWE-264	Medium
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6146)	CVE-2012-6146 CWE-264	CWE-264	Medium
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4320)	CVE-2013-4320 CWE-264	CWE-264	Medium
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-7073)	CVE-2013-7073 CWE-264	CWE-264	Medium
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-7081)	CVE-2013-7081 CWE-264	CWE-264	Medium
TYPO3 Resource Management Errors Vulnerability (CVE-2013-1843)	CVE-2013-1843		Medium
TYPO3 Session Fixation Vulnerability (CVE-2010-3671)	CVE-2010-3671 CWE-384	CWE-384	Medium
TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2010-3661)	CVE-2010-3661 CWE-601	CWE-601	Medium
TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2010-3669)	CVE-2010-3669 CWE-601	CWE-601	Medium
TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-15241)	CVE-2020-15241 CWE-601	CWE-601	Medium
TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-21338)	CVE-2021-21338 CWE-601	CWE-601	Medium
TYPO3 Use of Insufficiently Random Values Vulnerability (CVE-2010-3666)	CVE-2010-3666 CWE-330	CWE-330	Medium
UAParser.js Other Vulnerability (CVE-2020-7793)	CVE-2020-7793		Medium
UAParser.js Uncontrolled Resource Consumption Vulnerability (CVE-2020-7733)	CVE-2020-7733 CWE-400	CWE-400	Medium
Unauthorized Access to a web app installer	CWE-200	CWE-200	Medium
Unchecked GraphQL Query Length: Potential Denial of Service Vulnerability	CWE-400	CWE-400	Medium
Undertow Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2021-3597)	CVE-2021-3597 CWE-362	CWE-362	Medium
Undertow CVE-2022-2764 Vulnerability (CVE-2022-2764)	CVE-2022-2764		Medium
Undertow Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-7816)	CVE-2014-7816 CWE-22	CWE-22	Medium
Undertow Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') Vulnerability (CVE-2018-1067)	CVE-2018-1067 CWE-113	CWE-113	Medium
Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2017-7559)	CVE-2017-7559 CWE-444	CWE-444	Medium
Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-10687)	CVE-2020-10687 CWE-444	CWE-444	Medium
Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-10719)	CVE-2020-10719 CWE-444	CWE-444	Medium
Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2021-20220)	CVE-2021-20220 CWE-444	CWE-444	Medium
Undertow Incorrect Authorization Vulnerability (CVE-2017-12196)	CVE-2017-12196 CWE-863	CWE-863	Medium
Unencrypted __VIEWSTATE parameter	CWE-200	CWE-200	Medium
Unicode Transformation (Best-Fit Mapping)	CWE-176	CWE-176	Medium
Unprotected Apache NiFi API interface	CWE-287	CWE-287	Medium
Unprotected JSON file leaking secrets	CWE-200	CWE-200	Medium
Unprotected Kong Gateway Admin API interface	CWE-287	CWE-287	Medium
Unrestricted access to AnythingLLM API	CVE-2024-6842 CWE-200	CWE-200	Medium
Unrestricted access to MLflow	CWE-200	CWE-200	Medium
Unrestricted access to NGINX+ API interface (read only)	CWE-200	CWE-200	Medium
Unrestricted access to NGINX+ Dashboard	CWE-200	CWE-200	Medium
Unrestricted access to NGINX+ Upstream HTTP interface	CWE-200	CWE-200	Medium
Unsafe value for session tracking in WEB-INF/web.xml	CWE-16	CWE-16	Medium
URL redirection (Web Server)	CWE-601	CWE-601	Medium
URL rewrite vulnerability	CVE-2018-14773 CWE-436	CWE-436	Medium
User-controlled form action	CWE-20	CWE-20	Medium
User controllable charset	CWE-20	CWE-20	Medium
User controllable tag parameter	CWE-79	CWE-79	Medium
Vanilla Forums Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2018-15833)	CVE-2018-15833 CWE-639	CWE-639	Medium
Vanilla Forums Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3812)	CVE-2011-3812 CWE-200	CWE-200	Medium
Vanilla Forums Improper Input Validation Vulnerability (CVE-2011-0908)	CVE-2011-0908 CWE-20	CWE-20	Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0526)	CVE-2011-0526 CWE-707	CWE-707	Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0909)	CVE-2011-0909 CWE-707	CWE-707	Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-1009)	CVE-2011-1009 CWE-707	CWE-707	Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-9685)	CVE-2014-9685 CWE-707	CWE-707	Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17571)	CVE-2018-17571 CWE-707	CWE-707	Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8279)	CVE-2019-8279 CWE-707	CWE-707	Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-8825)	CVE-2020-8825 CWE-707	CWE-707	Medium
Vanilla Forums Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-16410)	CVE-2018-16410 CWE-138	CWE-138	Medium
Vanilla Forums Other Vulnerability (CVE-2011-0910)	CVE-2011-0910		Medium
Varnish Cache Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-4484)	CVE-2013-4484 CWE-119	CWE-119	Medium
Verb tampering via misconfigured security constraint	CWE-16	CWE-16	Medium
VideoJS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-23414)	CVE-2021-23414 CWE-707	CWE-707	Medium
ViewState MAC Disabled	CWE-642	CWE-642	Medium
Virtual host directory listing	CWE-538	CWE-538	Medium
Vulnerable JavaScript libraries	CWE-937	CWE-937	Medium
Vulnerable package dependencies [medium]	CWE-1104	CWE-1104	Medium
W3 total cache debug mode	CWE-489	CWE-489	Medium
Web2py weak secret key	CWE-693	CWE-693	Medium

TYPO3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-5103)

CVE-2010-5103

CWE-138

Medium

TYPO3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-6144)

CVE-2012-6144

CWE-138

Medium

TYPO3 Inadequate Encryption Strength Vulnerability (CVE-2010-3670)

CVE-2010-3670

CWE-326

Medium

TYPO3 Insertion of Sensitive Information into Log File Vulnerability (CVE-2021-32767)

CVE-2021-32767

CWE-532

Medium

TYPO3 Insertion of Sensitive Information into Log File Vulnerability (CVE-2022-31047)

CVE-2022-31047

CWE-532

Medium

Typo3 Install Tool publicly accessible

CWE-200

Medium

TYPO3 Insufficient Session Expiration Vulnerability (CVE-2022-23502)

CVE-2022-23502

CWE-613

Medium

TYPO3 Observable Discrepancy Vulnerability (CVE-2022-36105)

CVE-2022-36105

CWE-203

Medium

TYPO3 Other Vulnerability (CVE-2006-0327)

CVE-2006-0327

Medium

TYPO3 Other Vulnerability (CVE-2009-3630)

CVE-2009-3630

Medium

TYPO3 Other Vulnerability (CVE-2012-1605)

CVE-2012-1605

Medium

TYPO3 Other Vulnerability (CVE-2012-3530)

CVE-2012-3530

Medium

TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2717)

CVE-2008-2717

CWE-264

Medium

TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3717)

CVE-2010-3717

CWE-264

Medium

TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6146)

CVE-2012-6146

CWE-264

Medium

TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4320)

CVE-2013-4320

CWE-264

Medium

TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-7073)

CVE-2013-7073

CWE-264

Medium

TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-7081)

CVE-2013-7081

CWE-264

Medium

TYPO3 Resource Management Errors Vulnerability (CVE-2013-1843)

CVE-2013-1843

Medium

TYPO3 Session Fixation Vulnerability (CVE-2010-3671)

CVE-2010-3671

CWE-384

Medium

TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2010-3661)

CVE-2010-3661

CWE-601

Medium

TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2010-3669)

CVE-2010-3669

CWE-601

Medium

TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-15241)

CVE-2020-15241

CWE-601

Medium

TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-21338)

CVE-2021-21338

CWE-601

Medium

TYPO3 Use of Insufficiently Random Values Vulnerability (CVE-2010-3666)

CVE-2010-3666

CWE-330

Medium

UAParser.js Other Vulnerability (CVE-2020-7793)

CVE-2020-7793

Medium

UAParser.js Uncontrolled Resource Consumption Vulnerability (CVE-2020-7733)

CVE-2020-7733

CWE-400

Medium

Unauthorized Access to a web app installer

CWE-200

Medium

Unchecked GraphQL Query Length: Potential Denial of Service Vulnerability

CWE-400

Medium

Undertow Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2021-3597)

CVE-2021-3597

CWE-362

Medium

Undertow CVE-2022-2764 Vulnerability (CVE-2022-2764)

CVE-2022-2764

Medium

Undertow Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-7816)

CVE-2014-7816

CWE-22

Medium

Undertow Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') Vulnerability (CVE-2018-1067)

CVE-2018-1067

CWE-113

Medium

Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2017-7559)

CVE-2017-7559

CWE-444

Medium

Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-10687)

CVE-2020-10687

CWE-444

Medium

Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-10719)

CVE-2020-10719

CWE-444

Medium

Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2021-20220)

CVE-2021-20220

CWE-444

Medium

Undertow Incorrect Authorization Vulnerability (CVE-2017-12196)

CVE-2017-12196

CWE-863

Medium

Unencrypted __VIEWSTATE parameter

CWE-200

Medium

Unicode Transformation (Best-Fit Mapping)

CWE-176

Medium

Unprotected Apache NiFi API interface

CWE-287

Medium

Unprotected JSON file leaking secrets

CWE-200

Medium

Unprotected Kong Gateway Admin API interface

CWE-287

Medium

Unrestricted access to AnythingLLM API

CVE-2024-6842

CWE-200

Medium

Unrestricted access to MLflow

CWE-200

Medium

Unrestricted access to NGINX+ API interface (read only)

CWE-200

Medium

Unrestricted access to NGINX+ Dashboard

CWE-200

Medium

Unrestricted access to NGINX+ Upstream HTTP interface

CWE-200

Medium

Unsafe value for session tracking in WEB-INF/web.xml

CWE-16

Medium

URL redirection (Web Server)

CWE-601

Medium

URL rewrite vulnerability

CVE-2018-14773

CWE-436

Medium

User-controlled form action

CWE-20

Medium

User controllable charset

CWE-20

Medium

User controllable tag parameter

CWE-79

Medium

Vanilla Forums Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2018-15833)

CVE-2018-15833

CWE-639

Medium

Vanilla Forums Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3812)

CVE-2011-3812

CWE-200

Medium

Vanilla Forums Improper Input Validation Vulnerability (CVE-2011-0908)

CVE-2011-0908

CWE-20

Medium

Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0526)

CVE-2011-0526

CWE-707

Medium

Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0909)

CVE-2011-0909

CWE-707

Medium

Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-1009)

CVE-2011-1009

CWE-707

Medium

Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-9685)

CVE-2014-9685

CWE-707

Medium

Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17571)

CVE-2018-17571

CWE-707

Medium

Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8279)

CVE-2019-8279

CWE-707

Medium

Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-8825)

CVE-2020-8825

CWE-707

Medium

Vanilla Forums Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-16410)

CVE-2018-16410

CWE-138

Medium

Vanilla Forums Other Vulnerability (CVE-2011-0910)

CVE-2011-0910

Medium

Varnish Cache Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-4484)

CVE-2013-4484

CWE-119

Medium

Verb tampering via misconfigured security constraint

CWE-16

Medium

VideoJS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-23414)

CVE-2021-23414

CWE-707

Medium

ViewState MAC Disabled

CWE-642

Medium

Virtual host directory listing

CWE-538

Medium

Vulnerable JavaScript libraries

CWE-937

Medium

Vulnerable package dependencies [medium]

CWE-1104

Medium

W3 total cache debug mode

CWE-489

Medium

Web2py weak secret key

CWE-693

Medium

Medium Severity Vulnerabilities

Severity

Vulnerability Categories

Still Have Questions?

Take action and discover your vulnerabilities