An Object-Relational Mapping (ORM) Leak vulnerability occurs when an application does not properly control how user-provided data is passed to the ORM. An attacker can exploit this by manipulating input parameters to query fields that are not intended to be exposed. This can lead to the disclosure of sensitive information from the database, such as user credentials, personal information, or other confidential data. In some cases, it could also allow an attacker to perform unauthorized data modification operations.

A Path Relative Style Sheet Import occurs when the application imports a style sheet via a relative URL and uses user input in the file name. This vulnerability mainly affects older browsers such as Internet Explorer and allows an attacker to exploit the way the browser handles stylesheet imports in order to perform CSS Injection.

Edge Side Includes (ESI) is a markup language used for dynamic web content assembly. It allows web developers to cache parts of web pages at the edge servers, reducing server load and improving page load times. However, when ESI is improperly implemented, it can be vulnerable to ESI Injection attacks.

In an ESI Injection attack, an attacker injects malicious ESI tags into a web page. These tags can instruct the edge server to include malicious content or execute unintended actions. This can lead to several security risks, including data leakage, Cross-Site Scripting (XSS), and the execution of arbitrary code.

An XSLT Injection is when an attacker tries to inject XSLT documents to the application.

This attack may lead to the disclosure of confidential data, denial of service, port scanning from the perspective of the machine where the parser is located, and other system impacts.

This is an informational plugin to inform that user data controlled input is reflected in the response.

HTML/CSS Injection is an attack that injects arbitrary characters into a web page. When an application does not properly handle user-supplied data, an attacker can supply content to a web application, typically via a parameter value which is then reflected in the page. This attack is typically used as, or in conjunction with, social engineering by transmitting a URL that completely modifies the target page with, for example, a fake authentication test pattern in order to steal the user's identifiers. In some cases, this attack can also lead directly or indirectly to a Cross-Site Scripting.

An XML Injection is when an attacker tries to inject an XML documents to the application. If the XML parser fails to contextually validate data, then the test will yield a positive result.

This attack may lead to the disclosure of confidential data, denial of service, port scanning from the perspective of the machine where the parser is located, and other system impacts.

A Server-Side Include Injection vulnerability exists when an application embeds and evaluates unsafe user-controlled server-side include directives.

By injecting a specific payload an attacker can leverage this vulnerability to conduct a remote code execution.

A NoSQL injection occurs when a value originating from the client's request is used within a NoSQL call without prior sanitisation.

This can allow cyber-criminals to execute arbitrary NoSQL code and thus steal data, or use the additional functionality of the database server to take control of further server components.

Scanner discovered that the affected page and parameter are vulnerable. This injection was detected as scanner was able to discover known error messages within the server's response.

Lightweight Directory Access Protocol (LDAP) is used by web applications to access and maintain directory information services.

One of the most common uses for LDAP is to provide a Single-Sign-On (SSO) service that will allow clients to authenticate with a web site without any interaction (assuming their credentials have been validated by the SSO provider).

LDAP injection occurs when untrusted data is used by the web application to query the LDAP directory without prior sanitisation.

This is a serious security risk, as it could allow cyber-criminals the ability to query, modify, or remove anything from the LDAP tree. It could also allow other advanced injection techniques that perform other more serious attacks.

Scanner was able to detect a page that is vulnerable to LDAP injection based on known error messages.

This injection was detected as scanner was able to bypass the authentication mechanism and access an authenticated page.

Expression Language (EL) has been defined as part of the Java Server Pages Standard Tag Library (JSTL) in order to offer developers a simple way to output data from an object model. Starting from the JSP 2.0 specification, Expression Language has been made available within JSP pages, but it is also present in many implementations like :
 - Apache Jakarta
 - Object-Graph Navigation Language (OGNL) used by Struts and WebWork 
 - MVFLEX Expression Language (MVEL)
 - Spring Expression Language (SPEL)

An Expression Language Injection (ELI) vulnerability exists when an application incorporates unsafe user-controlled inputs which are dynamically evaluated by an expression interpreter.

By injecting a specific payload depending on the expression interpreter used by the application, an attacker can leverage this vulnerability to gain access to sensitive information or to achieve remote code execution on the target server.

XML Path Language (XPath) queries are used by web applications for selecting nodes from XML documents. Once selected, the value of these nodes can then be used by the application.

A simple example for the use of XML documents is to store user information. As part of the authentication process, the application will perform an XPath query to confirm the login credentials and retrieve that user's information to use in the following request.

XPath injection occurs where untrusted data is used to build XPath queries.

Cyber-criminals may abuse this injection vulnerability to bypass authentication, query other user's information, or, if the XML document contains privileged user credentials, allow the cyber-criminal to escalate their privileges.

Scanner injected special XPath query characters into the page and based on the responses from the server, has determined that the page is vulnerable to XPath injection.

This injection was detected as scanner was able to inject specific XPath queries, that if vulnerable, result in the responses for each injection being different. This is known as a blind XPath injection vulnerability.

XML Path Language (XPath) queries are used by web applications for selecting nodes from XML documents. Once selected, the value of these nodes can then be used by the application.

A simple example for the use of XML documents is to store user information. As part of the authentication process, the application will perform an XPath query to confirm the login credentials and retrieve that user's information to use in the following request.

XPath injection occurs where untrusted data is used to build XPath queries.

Cyber-criminals may abuse this injection vulnerability to bypass authentication, query other user's information, or, if the XML document contains privileged user credentials, allow the cyber-criminal to escalate their privileges.

Scanner injected special XPath query characters into the page and based on the responses from the server, has determined that the page is vulnerable to XPath injection.

Content Injection is an attack that injects arbitrary characters into a web page. When an application does not properly handle user-supplied data, an attacker can supply content to a web application, typically via a parameter value which is then reflected in the page. This attack is typically used as, or in conjunction with, social engineering by transmitting a URL that completely modifies the target page with, for example, a fake authentication test pattern in order to steal the user's identifiers. In some cases, this attack can also lead directly or indirectly to a Cross-Site Scripting or a client-side JSON injection.

An SQL injection occurs when a value originating from the client's request is used within a SQL query without prior sanitisation. Typically, query escape functions or placeholders are known to prevent SQL injections. However, mysqljs/mysql is known to have different escape methods over different value types, and it could eventually cause unexpected behaviors when the attacker passes the parameter with a different value type.

This injection was detected as scanner was able to bypass the authentication mechanism and access an authenticated page.

Due to the requirement for dynamic content of today's web applications, many rely on a database backend to store data that will be called upon and processed by the web application (or other programs). Web applications retrieve data from the database by using Structured Query Language (SQL) queries.

To meet demands of many developers, database servers (such as MSSQL, MySQL, Oracle etc.) have additional built-in functionality that can allow extensive control of the database and interaction with the host operating system itself.

An SQL injection occurs when a value originating from the client's request is used within a SQL query without prior sanitisation. This could allow cyber-criminals to execute arbitrary SQL code and steal data or use the additional functionality of the database server to take control of more server components.

The successful exploitation of a SQL injection can be devastating to an organisation and is one of the most commonly exploited web application vulnerabilities.

This injection was detected as scanner was able to bypass the authentication mechanism and access an authenticated page.

JSONP (JSON with Padding) is a JavaScript technique that allows you to query data from a server without worrying about cross-domain issues by using the tag scripts rather than the XMLHttpRequest object and thus not worrying about the browser's same-origin-policy restrictions. Due to the nature of JSONP not to apply origin control, depending on the server's response to the request, this feature can be abused by an attacker to steal sensitive information from the user and in some cases, also lead to arbitrary JavaScript code execution (Cross-Site Scripting).

Modern web applications often rely on client-side template frameworks to render views to their users.

A Client-Side Template Injection (CSTI) vulnerability exists when an application embeds and evaluates unsafe user-controlled expressions in its client-side templates.

By injecting a specific payload dependent on the template framework used by the application, an attacker can leverage this vulnerability to conduct cross-site scripting attacks.

Web applications often rely on template engines to manage the dynamic generation of the HTML pages presented to their users.

A Server-Side Template Injection (SSTI) vulnerability exists when an application embeds unsafe user-controlled inputs in its templates and then evaluates it.

By injecting a specific payload dependent on the template engine used by the application, an attacker can leverage this vulnerability to gain access to sensitive information or to achieve remote code execution.

When creating URI for links in web applications, developers often resort to the HTTP Host header available in HTTP request sent by client side. A remote attacker can exploit this by sending a fake header with a domain name under his control allowing him to poison web-cache or password reset emails for example.

Lightweight Directory Access Protocol (LDAP) is used by web applications to access and maintain directory information services.

One of the most common uses for LDAP is to provide a Single-Sign-On (SSO) service that will allow clients to authenticate with a web site without any interaction (assuming their credentials have been validated by the SSO provider).

LDAP injection occurs when untrusted data is used by the web application to query the LDAP directory without prior sanitisation.

This is a serious security risk, as it could allow cyber-criminals the ability to query, modify, or remove anything from the LDAP tree. It could also allow other advanced injection techniques that perform other more serious attacks.

Scanner was able to detect a page that is vulnerable to LDAP injection based on known error messages.

A NoSQL injection occurs when a value originating from the client's request is used within a NoSQL call without prior sanitisation.

This can allow cyber-criminals to execute arbitrary NoSQL code and thus steal data, or use the additional functionality of the database server to take control of further server components.

Scanner discovered that the affected page and parameter are vulnerable. This injection was detected as scanner was able to inject specific NoSQL queries that if vulnerable result in the responses for each injection being different. This is known as a blind NoSQL injection vulnerability.

Due to the requirement for dynamic content of today's web applications, many rely on a database backend to store data that will be called upon and processed by the web application (or other programs). Web applications retrieve data from the database by using Structured Query Language (SQL) queries.

To meet demands of many developers, database servers (such as MSSQL, MySQL, Oracle etc.) have additional built-in functionality that can allow extensive control of the database and interaction with the host operating system itself.

An SQL injection occurs when a value originating from the client's request is used within a SQL query without prior sanitisation. This could allow cyber-criminals to execute arbitrary SQL code and steal data or use the additional functionality of the database server to take control of more server components.

The successful exploitation of a SQL injection can be devastating to an organisation and is one of the most commonly exploited web application vulnerabilities.

This injection was detected as scanner was able to inject specific SQL queries, that if vulnerable, result in the responses for each request being delayed before being sent by the server. This is known as a time-based blind SQL injection vulnerability.

Due to the requirement for dynamic content of today's web applications, many rely on a database backend to store data that will be called upon and processed by the web application (or other programs). Web applications retrieve data from the database by using Structured Query Language (SQL) queries.

To meet demands of many developers, database servers (such as MSSQL, MySQL, Oracle etc.) have additional built-in functionality that can allow extensive control of the database and interaction with the host operating system itself.

An SQL injection occurs when a value originating from the client's request is used within a SQL query without prior sanitisation. This could allow cyber-criminals to execute arbitrary SQL code and steal data or use the additional functionality of the database server to take control of more server components.

The successful exploitation of a SQL injection can be devastating to an organisation and is one of the most commonly exploited web application vulnerabilities.

This injection was detected as scanner was able to inject specific SQL queries, that if vulnerable, result in the responses for each injection being different. This is known as a blind SQL injection vulnerability.

Due to the requirement for dynamic content of today's web applications, many rely on a database backend to store data that will be called upon and processed by the web application (or other programs). Web applications retrieve data from the database by using Structured Query Language (SQL) queries.

To meet demands of many developers, database servers (such as MSSQL, MySQL, Oracle etc.) have additional built-in functionality that can allow extensive control of the database and interaction with the host operating system itself.

An SQL injection occurs when a value originating from the client's request is used within a SQL query without prior sanitisation. This could allow cyber-criminals to execute arbitrary SQL code and steal data or use the additional functionality of the database server to take control of more server components.

The successful exploitation of a SQL injection can be devastating to an organisation and is one of the most commonly exploited web application vulnerabilities.

This injection was detected as scanner was able to cause the server to respond to the request with a database related error.

An XML External Entity attack is a type of attack against an application that parses XML input.

This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser.

This attack may lead to the disclosure of confidential data, denial of service, port scanning from the perspective of the machine where the parser is located, and other system impacts.

ID	Name	Severity
115010	Object-Relational Mapping (ORM) Leak	high
114466	Path Relative Stylesheet Import	info
114398	Edge Side Includes Injection	medium
114162	XSLT Injection	high
114135	Input Reflected	info
114134	HTML/CSS Injection	medium
114116	XML Injection	high
113634	Server-Side Inclusion Injection	high
113337	NoSQL Injection Authentication Bypass	high
113331	LDAP Injection Authentication Bypass	high
113317	Expression Language Injection	high
113310	Blind XPath Injection (differential analysis)	high
113309	XPath Injection Authentication Bypass	high
113212	Content Injection	low
113162	MySQLjs SQL Injection Authentication Bypass	high
113069	SQL Injection Authentication Bypass	high
112805	JSONP Injection	medium
112684	Client-Side Template Injection	medium
112614	Server-Side Template Injection	high
98623	Host Header Injection	medium
98127	LDAP Injection	high
98119	Blind NoSQL Injection (differential analysis)	high
98118	Blind SQL Injection (timing attack)	high
98117	Blind SQL Injection (differential analysis)	high
98116	NoSQL Injection	high
98115	SQL Injection	high
98114	XPath Injection	high
98113	XML External Entity	critical

Detections

Analytics

Injection Family for Web App Scanning

high

info

medium

high

info

medium

high

high

high

high

high

high

high

low

high

high

medium

medium

high

medium

high

high

high

high

high

high

high

critical