Lodash < 4.17.20 Prototype Pollution
According to its self-reported version number, Lodash is prior to 4.17.20. It is, therefore, affected by a prototype pollution vulnerability in zipObjectDeep. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No...
Power Apps OData Feeds Detected
Microsoft Power Apps is a low-code development platform designed to help users build rich web and mobile applications. Power Apps enables users to publish table data as OData feeds, providing a RESTful web service by default available to any user. The scanner detected the presence of public data ...
Joomla! 4.x < 4.0.1 Insufficient Access Control
According to its self-reported version, the instance of Joomla! running on the remote web server is 4.0 prior to 4.0.1. It is, therefore, affected by an insufficient access control vulnerability on its com_media deletion endpoint. An unauthenticated, remote attacker could exploit this to delete...
Microsoft SharePoint Server 2016 < 16.0.5173.1000 Multiple Vulnerabilities
According to its self-reported version number, the Microsoft SharePoint application running on the remote host is affected by multiple vulnerabilities. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source da...
Power Apps Application Detected
Microsoft Power Apps is a low-code development platform designed to help users build rich web and mobile applications. By leveraging the multiple services, data sources and connectors provided by the Power Apps environment, a user with a Microsoft Office 365 subscription including Power Apps can...
WordPress Database Repair Enabled
WordPress Database Repair functionality has been detected on the target web application. This may present an attacker with information regarding the database schema in use which may be used to mount further attacks. No source data...
GraphQL Interface Detected
GraphQL is an open-source query and manipulation language for APIs and a server-side runtime built to handle these queries on the application dataset. Some web applications provide a friendly user interface to help developers build GraphQL queries and get the results. The scanner detected the...
Atlassian Confluence 7.0.x < 7.0.1 Information Disclosure
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 6.13.6, 6.14.x < 6.15.5 or 7.0.x < 7.0.1. It is, therefore, affected by a missing permissions check vulnerability allowing remote attackers to obtain information about configured...
Atlassian Jira < 8.13.3 Broken Authentication
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.13.3 or 8.14.x < 8.14.1. It is, therefore, affected by a broken authentication vulnerability in the makeRequest gadget resource allowing remote attackers to evade...
Atlassian Jira 8.14.x < 8.14.1 Broken Authentication
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.13.3 or 8.14.x < 8.14.1. It is, therefore, affected by a broken authentication vulnerability in the makeRequest gadget resource allowing remote attackers to evade...
X-Cart Files Information Disclosure
X-Cart sensitive files have been detected on the target X-Cart installation. This may present an attacker with sensitive information to mount further attacks. No source data...
Apache Struts 2 Demo Application Detected
The scanner has detected a publicly accessible Apache Struts 2 default demo application. Known and unknown vulnerabilities could be more easily exploited via this kind of application. No source data...
WordPress 5.0.x < 5.0.12 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - An XML External Entity (XXE) vulnerability exists in the media library affecting PHP 8. - A data exposure vulnerability exists in the REST API. Note that the scanner has not...
WordPress 5.5.x < 5.5.4 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - An XML External Entity (XXE) vulnerability exists in the media library affecting PHP 8. - A data exposure vulnerability exists in the REST API. Note that the scanner has not...
Magento Log File Detected
Magento log files have been detected on the target web application. These files may contain sensitive information about application and server configuration, logins and passwords, or confidential customer data. No source data...
Security.txt File Not Detected
A Security.txt file has not been detected on the target. When security risks in web services are discovered by independent security researchers, this file defines the channels to disclose them properly & enables 3rd party researchers to disclose issues securely in a manner defined by the...
Duplicator Plugin for WordPress Installation File Detected
WordPress Duplicator Plugin files have been detected on the target WordPress installation. This may present an attacker with sensitive information to mount further attacks. No source data...
API Versions Detected
The scanner may have been able to detect several versions of the API for one or more endpoints. No source data...
WordPress Plugins Sensitive Files Detected
WordPress Plugins sensitive files have been detected on the target WordPress installation. This may present an attacker with sensitive information to mount further attacks, such as keys, credentials, internal host names, database tables & SQL queries, security logs, full path disclosures,...
DOM Elements Excluded
Some DOM elements matched one or more entries in the DOM Exclusion list and therefore were excluded from interactions. No source data...