| 7 | Remote File Inclusion | release | High | Active |
| 10028 | Off-site Redirect | release | High | Passive |
| 10029 | Cookie Poisoning | release | Informational | Passive |
| 10030 | User Controllable Charset | release | Informational | Passive |
| 10031 | User Controllable HTML Element Attribute (Potential XSS) | release | Informational | Passive |
| 10043 | User Controllable JavaScript Event (XSS) | release | Informational | Passive |
| 20014 | HTTP Parameter Pollution | beta | Informational | Active |
| 20019-1 | External Redirect | release | High | Active |
| 20019-2 | External Redirect | release | High | Active |
| 20019-3 | External Redirect | release | High | Active |
| 20019-4 | External Redirect | release | High | Active |
| 30001 | Buffer Overflow | release | Medium | Active |
| 30002 | Format String Error | release | Medium | Active |
| 30003 | Integer Overflow Error | beta | Medium | Active |
| 40003 | CRLF Injection | release | Medium | Active |
| 40008 | Parameter Tampering | release | Medium | Active |
| 40009 | Server Side Include | release | High | Active |
| 40015-1 | LDAP Injection - activedirectory | alpha | High | Active |
| 40015-2 | LDAP Injection | alpha | High | Active |
| 40018 | SQL Injection | release | High | Active |
| 40019 | SQL Injection - MySQL (Time Based) | release | High | Active |
| 40020 | SQL Injection - Hypersonic SQL (Time Based) | release | High | Active |
| 40021 | SQL Injection - Oracle (Time Based) | release | High | Active |
| 40022 | SQL Injection - PostgreSQL (Time Based) | release | High | Active |
| 40024-1 | SQL Injection - SQLite (Time Based) | alpha | High | Active |
| 40024-2 | SQL Injection - SQLite (Time Based) | alpha | High | Active |
| 40027 | SQL Injection - MsSQL (Time Based) | release | High | Active |
| 40033 | NoSQL Injection - MongoDB | beta | High | Active |
| 40045 | Spring4Shell | release | High | Active |
| 40048 | Remote Code Execution (React2Shell) | release | High | Active |
| 90017 | XSLT Injection | release | Medium | Active |
| 90018 | Advanced SQL Injection | beta | High | Active |
| 90019-1 | Server Side Code Injection - PHP Code Injection | release | High | Active |
| 90019-2 | Server Side Code Injection - ASP Code Injection | release | High | Active |
| 90020 | Remote OS Command Injection | release | High | Active |
| 90021 | XPath Injection | release | High | Active |
| 90025 | Expression Language Injection | beta | High | Active |
| 90026 | SOAP Action Spoofing | beta | High | Active |
| 90029 | SOAP XML Injection | beta | High | Active |
| 90035 | Server Side Template Injection | release | High | Active |
| 90036 | Server Side Template Injection (Blind) | release | High | Active |
| 90037 | Remote OS Command Injection (Time Based) | release | High | Active |
| 90039 | NoSQL Injection - MongoDB (Time Based) | beta | High | Active |
| 100029 | File Content Disclosure (CVE-2019-5418) | alpha | High | Script Active |
| 100044-1 | Suspicious Input Transformation - Quote Consumption | alpha | High | Script Active |
| 100044-2 | Suspicious Input Transformation - Arithmetic Evaluation | alpha | High | Script Active |
| 100044-3 | Suspicious Input Transformation - Expression Evaluation | alpha | High | Script Active |
| 100044-4 | Suspicious Input Transformation - Template Evaluation | alpha | High | Script Active |
| 100044-5 | Suspicious Input Transformation - EL Evaluation | alpha | High | Script Active |
| 100044-6 | Suspicious Input Transformation - Unicode Normalisation | alpha | High | Script Active |
| 100044-7 | Suspicious Input Transformation - URL Decoding Error | alpha | High | Script Active |
| 100044-8 | Suspicious Input Transformation - Unicode Byte Truncation | alpha | High | Script Active |
| 100044-9 | Suspicious Input Transformation - Unicode Case Conversion | alpha | High | Script Active |
| 100044-10 | Suspicious Input Transformation - Unicode Combining Diacritic | alpha | High | Script Active |