498 matches found
Apache Tomcat 9.0.44 Denial of Service
The version of Apache Tomcat installed on the remote host is 10.0.3 to 10.0.4, 9.0.44 or 8.5.64. It is, therefore, affected by a denial of service due to an error introduced as part of a change to improve error handling during non-blocking I/O. Note that the scanner has not attempted to exploit...
X-Cart 5.0.10 < 5.3.6.8 Deserialization Vulnerability
According to the self-reported version in its response header, the version of X-Cart hosted on the remote web server is 5.0.10 < 5.3.6.8, 5.4.0.x < 5.4.0.13 or 5.4.1.x < 5.4.1.8. It is, therefore, affected by a vulnerability in the cookie viewedResources handling leading to insecure deserialization and...
Atlassian Confluence < 7.4.2 Cross-Site Scripting
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.4.2 or 7.5.x < 7.5.2. It is, therefore, affected by a Cross-Site Scripting (XSS) vulnerability in user macro parameters. Note that the scanner has not tested for these issues b...
Atlassian Confluence 6.14.x < 7.3.3 Improper Authorization
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 6.13.11 or 6.14.x < 7.3.3. It is, therefore, affected by an improper authorization check vulnerability allowing remote attackers with administrator privileges to edit existing...
Atlassian Confluence 7.0.x < 7.0.1 Information Disclosure
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 6.13.6, 6.14.x < 6.15.5 or 7.0.x < 7.0.1. It is, therefore, affected by a missing permissions check vulnerability allowing remote attackers to obtain information about configured...
Atlassian Jira 8.14.x < 8.14.1 Server-Side Request Forgery
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.10, 8.6.x < 8.13.2 or 8.14.x < 8.14.1. It is, therefore, affected by a Server-Side Request Forgery (SSRF) vulnerability allowing unexpected DNS lookups and requests to malicious...
Atlassian Jira 8.6.x < 8.13.2 Insecure Direct Object References
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.10 or 8.6.x < 8.13.2. It is, therefore, affected by an Insecure Direct Object References (IDOR) vulnerability allowing remote attackers to view the metadata of boards they...
Atlassian Jira 8.14.x < 8.14.1 Information Disclosure
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.11, 8.6.x < 8.13.3 or 8.14.x < 8.14.1. It is, therefore, affected by an information disclosure vulnerability in the Jira Projects plugin report page allowing remote attackers...
Atlassian Jira < 7.13.16 Information Disclosure
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 7.3.16, 8.x < 8.5.7 or 8.6.x < 8.12.0. It is, therefore, affected by an information disclosure vulnerability in the ViewUserHover.jspa endpoint allowing an unauthenticated user to...
Atlassian Jira 8.14.x < 8.15.1 Information Disclosure
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.13.5 or 8.14.x < 8.15.1. It is, therefore, affected by a missing permissions check vulnerability allowing remote anonymous attackers to obtain gadget related settings. Note th...
Atlassian Jira < 8.5.10 Server-Side Request Forgery
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.10, 8.6.x < 8.13.2 or 8.14.x < 8.14.1. It is, therefore, affected by a Server-Side Request Forgery (SSRF) vulnerability allowing unexpected DNS lookups and requests to malicious...
Atlassian Jira 8.14.x < 8.14.1 Broken Authentication
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.13.3 or 8.14.x < 8.14.1. It is, therefore, affected by a broken authentication vulnerability in the makeRequest gadget resource allowing remote attackers to evade...
Atlassian Jira < 8.15.0 Information Disclosure
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.15.0. It is, therefore, affected by an information disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint allowing unauthenticated remote attackers to view...
Atlassian Jira < 8.13.3 Broken Authentication
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.13.3 or 8.14.x < 8.14.1. It is, therefore, affected by a broken authentication vulnerability in the makeRequest gadget resource allowing remote attackers to evade...
X-Cart Files Information Disclosure
X-Cart sensitive files have been detected on the target X-Cart installation. This may present an attacker with sensitive information to mount further attacks.
GraphQL API Detected
GraphQL is an open-source query and manipulation language for APIs and a server-side runtime built to handle these queries on the application dataset. It is a popular alternative to traditional REST or SOAP APIs, providing flexibility and an optimized data fetching method. The scanner detected th...
Microsoft FrontPage Insecure Extension Configuration
An information disclosure vulnerability is present on the remote server due to exposure of Microsoft FrontPage extensions configuration files in the _vti_pvt directory.
Apache Struts 2 Demo Application Detected
The scanner has detected a publicly accessible Apache Struts 2 default demo application. Known and unknown vulnerabilities could be more easily exploited via this kind of application.
WordPress 5.5.x < 5.5.4 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - An XML External Entity (XXE) vulnerability exists in the media library affecting PHP 8. - A data exposure vulnerability exists in the REST API. Note that the scanner has not...
WordPress 5.0.x < 5.0.12 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - An XML External Entity (XXE) vulnerability exists in the media library affecting PHP 8. - A data exposure vulnerability exists in the REST API. Note that the scanner has not...