Web App Vulnerabilities

1. Introduction The IBM WebSphere Portal Unspecified JSP XSS (PI16040) vulnerability allows an attacker to execute code in a user’s...

1. Introduction The “Insecure Client-Access Policy” vulnerability occurs when a Silverlight application’s `ClientAccessPolicy.xml` file is configured too permissively, allowing cross-domain...

1. Introduction ImpressPages Detection identifies instances of the ImpressPages content management system running on a web server. This is an...

1. Introduction Inductive Automation Ignition Detection indicates that a web-based SCADA HMI solution is running on the remote host. This...

1. Introduction The iniNet SpiderControl SCADA Web Server Detection indicates a web server used for managing and monitoring Programmable Logic...

1. Introduction The InMail/InShop application is vulnerable to a cross-site scripting (XSS) attack in the ‘inmail.pl’ and ‘inshop.pl’ scripts. This...

1. Introduction Input Reflected is a vulnerability where user-supplied data is immediately returned in the response without proper sanitisation. This...

1. Introduction The ‘Access-Control-Allow-Origin’ vulnerability occurs when a web application incorrectly configures Cross-Origin Resource Sharing (CORS) headers, specifically by setting...

1. Introduction Insecure Cross-Domain Policy (allow-access-from) occurs when a website’s `crossdomain.xml` file is configured too permissively, allowing any domain to...

1. Introduction Insecure Cross-Domain Policy (allow-http-request-headers-from) occurs when a website’s `crossdomain.xml` file is configured too permissively, allowing any domain to...