Web Application Advisories by Invicti

Below is a list of advisories about vulnerabilities in web applications identified with Invicti’s scanning engine, which is used in the desktop-based scanner Invicti Standard and in the online web security service Invicti Enterprise.

Advisories Released in 2021

Advisories Released in 2020

Advisories Released in 2019

Advisories Released in 2018

ID Name
NS-18-061 Multiple Cross-site Scripting Vulnerabilities in ProjectSend r1053
NS-18-060 Cross-site Scripting Vulnerability in ElkArte 1.1.0
NS-18-059 Multiple Cross-Site Scripting Vulnerabilities in HTMLy 2.7.4
NS-18-058 SQL Injection Vulnerabilities in inoERP 0.6.1
NS-18-057 Multiple Cross-site Scripting Vulnerabilities in Zencart 1.5.5f
NS-18-056 Open Redirection Vulnerability in GetSimpleCMS 3.3.13
NS-18-055 Boolean SQL Injection Vulnerability in Monica 1.8.2
NS-18-054 Multiple Cross-site Scripting Vulnerabilities in PluXml 5.7
NS-18-053 Multiple Reflected Cross-site Scripting Vulnerabilities in WeBid 1.2.2
NS-18-052 Reflected Cross-site Scripting Vulnerability in Collabtive 3.1
NS-18-051 Stored Cross-site Scripting Vulnerability in Podcast Generator 2.7
NS-18-050 Multiple Reflected Cross-site Scripting Vulnerabilities in Coppermine 1.5.46
NS-18-049 Cross-site Scripting Vulnerability in Abantecart 1.2.12
NS-18-048 Cross-site Scripting via XML Vulnerability in DNN 9.1
NS-18-047 Multiple Cross-site Scripting Vulnerabilities in FluxBB 1.5.10
NS-18-046 Multiple Reflected Cross-site Scripting Vulnerabilities in Ampache 3.9.0
NS-18-045 XML External Entity Injection Vulnerability in BlogEngine 3.3
NS-18-044 Open Redirection Vulnerabilities in OrangeForum 1.4.0
NS-18-043 Multiple Cross-site Scripting Vulnerabilities in ZenPhoto 1.4.14
NS-18-042 Reflected Cross-site Scripting in Mantis 2.11.1
NS-18-041 DOM Based Cross-site Scripting Vulnerability in Sharrre 2.0.1
NS-18-040 Multiple Cross-site Scripting Vulnerabilities in Family Connections 3.7.0
NS-18-039 Multiple Cross-site Scripting Vulnerabilities in GeniXCMS 1.1.5
NS-18-038 Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8
NS-18-037 Open Redirection Vulnerability in ForkCMS 5.0.6
NS-18-036 SQL injection Vulnerability in Zurmo 2.3.4
NS-18-035 Multiple Cross-site Scripting Vulnerabilities in Zurmo 2.3.4
NS-18-034 Code Evolution (PHP) Vulnerability in Zurmo 2.3.4
NS-18-033 Multiple Cross-site Scripting Vulnerabilities in ImpressCMS 1.3.10
NS-18-032 Stored Cross-site Scripting Vulnerability in ForkCMS 5.0.6
NS-18-031 Blind SQL Injection Vulnerabilities in Plikli 4.0.0
NS-18-030 Multiple Cross-site Scripting Vulnerabilities in Plikli 4.0.0
NS-18-029 Multiple Cross-site Scripting Vulnerabilities in OSclass 3.7.4
NS-18-028 SQL Injection Vulnerabilities in Chamilo 1.11.6
NS-18-027 Multiple Cross-site Scripting Vulnerabilities in Chamilo 1.11.6
NS-18-026 Reflected Cross-site Scripting Vulnerability in Typesetter 5.1
NS-18-025 Reflected Cross-site Scripting Vulnerability in CubeCart 6.2.2
NS-18-024 Multiple Cross-Site Scripting Vulnerabilities in FreshRSS 1.11.1
NS-18-023 SQL Injection and Blind SQL Injection Vulnerabilities in SOPlanning 1.41
NS-18-022 Multiple Reflected Cross-site Scripting Vulnerabilities in Seopanel 3.13.0
NS-18-021 Open Redirection Vulnerabilities in Eventum v3.3.4
NS-18-020 Cross-site Scripting Vulnerabilities in Carbon Forum 5.9.0
NS-18-019 Code Evaluations in FuelCMS 1.4.1
NS-18-018 SQL Injection Vulnerabilities in FuelCMS 1.4.1
NS-18-017 Cross-site Request Forgery Vulnerabilities in Serenity 3.0.5
NS-18-016 Reflected Cross-site Scripting Vulnerability in BigTree CMS 4.2.23
NS-18-015 Multiple Cross-site Scripting Vulnerabilities in Dolibarr 7.0.3
NS-18-014 PHP Code Evaluation Vulnerability in Wolf CMS 0.8.3.1
NS-18-013 Cross Site Request Forgery Vulnerability in Platformus 1.0.0-alpha21
NS-18-012 Stored Cross-site Scripting Vulnerability in Platformus 1.0.0-alpha21
NS-18-011 Stored Cross-site Scripting in inoERP 0.6.1
NS-18-010 Multiple Cross-site Scripting Vulnerabilities in TikiWiki 17.1
NS-18-009 Frame Injection Vulnerabilities in TikiWiki 17.1
NS-18-008 Multiple Cross-site Scripting Vulnerabilities in ClipperCMS 1.3.3
NS-18-007 Multiple Cross-site Scripting Vulnerabilities in TangoBB 1.5.1
NS-18-006 Multiple Reflected Cross-site Scripting Vulnerabilities in Dotclear 2.13.1
NS-18-005 Stored XSS Vulnerability in BigTreeCMS 4.2.19
NS-18-004 Stored XSS Vulnerability in Omeka 2.6
NS-18-003 Multiple Reflected XSS Vulnerabilities in TCexam 14.0.3
NS-18-002 Frame Injection Vulnerabilities in Gibbon v14.0.01
NS-18-001 Multiple XSS Vulnerabilities in Gibbon v14.0.01

Advisories Released in 2017

ID Name
NS-17-032 Server-Side Template Injection Vulnerability in CMS Made Simple
NS-17-031 Reflected XSS Vulnerability in CMS Made Simple
NS-17-030 Multiple Reflected XSS Vulnerabilities in phpfk Lite
NS-17-029 Reflected XSS Vulnerability in Wirawan Test 10okt2016
NS-17-028 Multiple Blind SQL Injection Vulnerabilities in Chronosite 5.1.2
NS-17-027 Multiple Reflected XSS Vulnerabilities in Chronosite 5.1.2
NS-17-026 Reflected XSS Vulnerability in PluXML 5.5
NS-17-025 Multiple Reflected XSS Vulnerabilities in PHFTP 4.2
NS-17-024 Reflected XSS Vulnerability in PHProxy 0.5b2
NS-17-023 Multiple Reflected XSS Vulnerabilities in Vfront 0.99.4
NS-17-022 XSS, CSRF and Multiple Other Vulnerabilities in CubeCart
NS-17-021 Reflected XSS Vulnerability in Online Inventory Manager
NS-17-020 Multiple Reflected XSS Vulnerabilities in Free CMMS 0.04
NS-17-019 Reflected XSS Vulnerability in infoERP
NS-17-018 Reflected XSS Vulnerability in PHuPload
NS-17-017 Reflected XSS Vulnerability in MaxForum
NS-17-016 SQL Injection Vulnerability in Content2
NS-17-015 Multiple Reflected XSS Vulnerabilities in Content2
NS-17-014 Multiple Reflected XSS Vulnerabilities in PHPBB template test suite 2.0.11 (beta)
NS-17-013 Reflected XSS Vulnerability in Simple Picture Gallery Manager
NS-17-012 Reflected XSS Vulnerability in phpRFT
NS-17-011 Reflected XSS Vulnerability in dirLIST
NS-17-010 Reflected XSS Vulnerability in Upload Script for Images and Audio files
NS-17-009 Reflected XSS Vulnerability in OTP
NS-17-008 Reflected XSS Vulnerability in Hexjector
NS-17-007 Multiple Reflected XSS Vulnerabilities in Powebform 1.0.3
NS-17-006 Reflected XSS Vulnerability in Yii Framework
NS-17-005 Blind SQL Injection Vulnerability in SweetRice
NS-17-004 Multiple Reflected XSS Vulnerabilities in NodCMS 1.0
NS-17-003 Multiple Reflected XSS Vulnerabilities in SpiderFoot
NS-17-002 Multiple Reflected XSS Vulnerabilities in MyLittleForum
NS-17-001 Multiple Reflected XSS Vulnerabilities in Collabtive

Advisories Released in 2016

Advisories Released in 2015

Advisories Released in 2014

ID Name
NS-14-045 Remote Code Evaluation Openbiz Cubi
NS-14-044 Multiple XSS Vulnerabilities in Openbiz Cubi
NS-14-043 Multiple SQL Injection Vulnerabilities in Openbiz Cubi
NS-14-042 XSS Vulnerability in Twiki WebSearch
NS-14-041 XSS Vulnerability in Twiki (QUERYSTRING and QUERYPARAMSTRING)
NS-14-040 Multiple XSS Vulnerabilities in KoolPHP
NS-14-039 XSS Vulnerability in Subrion CMS
NS-14-038 XSS Vulnerabilities in Zikula
NS-14-037 XSS Vulnerability in ProjectSend
NS-14-036 XSS Vulnerability in Sharetronix
NS-14-035 XSS Vulnerability in The Bug Genie
NS-14-034 XSS Vulnerability in Oxwall
NS-14-033 XSS Vulnerability in Little Poll
NS-14-032 Multiple XSS Vulnerabilities in LiteCart
NS-14-031 LFI Vulnerability in osClass
NS-14-030 XSS Vulnerabilities in osClass
NS-14-029 LFI & XSS Vulnerability in Codiad
NS-14-028 XSS Vulnerability in PeoplePods
NS-14-027 XSS Vulnerability in SiteCake
NS-14-026 XSS Vulnerability in PageCookery Microblog
NS-14-025 XSS Vulnerability in Storytlr
NS-14-024 XSS Vulnerability in October CMS
NS-14-023 XSS Vulnerability in KajonaCMS
NS-14-022 XSS Vulnerabilities in Booked Scheduler
NS-14-021 XSS Vulnerabilities in osTicket
NS-14-020 XSS Vulnerabilities in Ajenti
NS-14-019 XSS Vulnerability in SQL Buddy
NS-14-018 XSS Vulnerabilities in FishEye
NS-14-017 XSS Vulnerabilities in Responsive File Manager v9.3.4
NS-14-016 XSS Vulnerabilities in Pragyan
NS-14-015 XSS Vulnerabilities in FlatPress
NS-14-014 XSS Vulnerabilities in Tiki Wiki CMS
NS-14-013 XSS Vulnerabilities in TeamCity
NS-14-012 XSS Vulnerabilities in PyroCMS
NS-14-011 XSS Vulnerabilities in Claroline
NS-14-010 XSS Vulnerabilities in Storytlr
NS-14-009 XSS Vulnerabilities in MySeatXT
NS-14-008 XSS Vulnerabilities in phpAlbum
NS-14-007 XSS and SQL Vulnerabilities in e107
NS-14-006 XSS Vulnerabilities in Dokeos
NS-14-005 XSS and SQL Injection Vulnerabilities in SamNews
NS-14-004 XSS Vulnerabilities in UseBB
NS-14-003 XSS Vulnerabilities in Flat Nuke
NS-14-002 XSS Vulnerabilities in Maian Weblog
NS-14-001 Critical Blind SQL Injection Vulnerability in Pragyan CMS

Advisories Released in 2013

Advisories Released in 2012

Advisories Released in 2011