| 6-1 | Path Traversal | release | High | Active |
| 6-2 | Path Traversal | release | High | Active |
| 6-3 | Path Traversal | release | High | Active |
| 6-4 | Path Traversal | release | High | Active |
| 6-5 | Path Traversal | release | High | Active |
| 7 | Remote File Inclusion | release | High | Active |
| 20019-1 | External Redirect | release | High | Active |
| 20019-2 | External Redirect | release | High | Active |
| 20019-3 | External Redirect | release | High | Active |
| 20019-4 | External Redirect | release | High | Active |
| 40003 | CRLF Injection | release | Medium | Active |
| 40008 | Parameter Tampering | release | Medium | Active |
| 40009 | Server Side Include | release | High | Active |
| 40012 | Cross Site Scripting (Reflected) | release | High | Active |
| 40014-1 | Cross Site Scripting (Persistent) | release | High | Active |
| 40014-2 | Cross Site Scripting Weakness (Persistent in JSON Response) | release | Low | Active |
| 40014-3 | Cross Site Scripting (Persistent) | release | High | Active |
| 40016 | Cross Site Scripting (Persistent) - Prime | release | Informational | Active |
| 40017 | Cross Site Scripting (Persistent) - Spider | release | Informational | Active |
| 40018 | SQL Injection | release | High | Active |
| 40019 | SQL Injection - MySQL (Time Based) | release | High | Active |
| 40020 | SQL Injection - Hypersonic SQL (Time Based) | release | High | Active |
| 40021 | SQL Injection - Oracle (Time Based) | release | High | Active |
| 40022 | SQL Injection - PostgreSQL (Time Based) | release | High | Active |
| 40026 | Cross Site Scripting (DOM Based) | release | High | Active |
| 40027 | SQL Injection - MsSQL (Time Based) | release | High | Active |
| 40031 | Out of Band XSS | beta | High | Active |
| 40046 | Server Side Request Forgery | beta | High | Active |
| 40047 | Text4shell (CVE-2022-42889) | beta | High | Active |
| 40048 | Remote Code Execution (React2Shell) | release | High | Active |
| 90017 | XSLT Injection | release | Medium | Active |
| 90019-1 | Server Side Code Injection - PHP Code Injection | release | High | Active |
| 90019-2 | Server Side Code Injection - ASP Code Injection | release | High | Active |
| 90020 | Remote OS Command Injection | release | High | Active |
| 90021 | XPath Injection | release | High | Active |
| 90023 | XML External Entity Attack | release | High | Active |
| 90026 | SOAP Action Spoofing | beta | High | Active |
| 90028-1 | Insecure HTTP Method - DELETE | beta | Medium | Active |
| 90028-2 | Insecure HTTP Method - PUT | beta | Medium | Active |
| 90028-3 | Insecure HTTP Method - TRACE | beta | Medium | Active |
| 90028-4 | Insecure HTTP Method - CONNECT | beta | Medium | Active |
| 90028-5 | Insecure HTTP Method - PROPFIND | beta | Informational | Active |
| 90028-6 | Insecure HTTP Method - PUT | beta | Medium | Active |
| 90029 | SOAP XML Injection | beta | High | Active |
| 90035 | Server Side Template Injection | release | High | Active |
| 90036 | Server Side Template Injection (Blind) | release | High | Active |
| 90037 | Remote OS Command Injection (Time Based) | release | High | Active |