Probely currently detects the vulnerabilities listed below. Please refer to this page periodically for an updated list. Keep in mind that some vulnerabilities are grouped together.
Reflected cross-site scripting
Stored cross-site scripting
Operating system command injection
XML external entity injection
ASP.NET debugging enabled
Insecure crossdomain.xml policy
Insecure Silverlight clientaccesspolicy.xml policy
SQL Injection
Cross-Origin Resource Sharing: Arbitrary Origin Trusted
Unencrypted communications
Mixed content
Expired TLS certificate
TLS certificate about to expire
Certificate without revocation information
Insecure SSL protocol version 2 supported
Insecure SSL protocol version 3 supported
Deprecated TLS protocol version 1.0 supported
Deprecated TLS protocol version 1.1 supported
Secure TLS protocol version 1.2 not supported
Weak cipher suites enabled
Server Cipher Order not configured
Untrusted TLS certificate (invalid CN, SAN, issuer or chain)
Heartbleed
Potential DoS on TLS Client Renegotiation
Secure Renegotiation is not supported
TLS Downgrade attack prevention not supported
WordPress version with known vulnerabilities
WordPress plugin with known vulnerabilities
Joomla! version with known vulnerabilities
Log file disclosure
Backup file disclosure
Full path disclosure
HSTS header not enforced
HSTS header set in HTTP
HSTS header with low duration and no subdomain protection
HSTS header with low duration
HSTS header does not protect subdomains
Inclusion of cryptocurrency mining script
Browser content sniffing allowed
Referrer policy not defined
Insecure referrer policy
Missing Content Security Policy header (CSP)
Insecure Content Security Policy (CSP)
HTTP TRACE method enabled
jQuery library with known vulnerabilities
AngularJS library with known vulnerabilities
Bootstrap library with known vulnerabilities
jQuery Mobile library with known vulnerabilities
jQuery Migrate library with known vulnerabilities
Moment.js library with known vulnerabilities
Prototype library with known vulnerabilities
React library with known vulnerabilities
SWFObject library with known vulnerabilities
TinyMCE library with known vulnerabilities
Backbone library with known vulnerabilities
Mustache library with known vulnerabilities
Handlebars library with known vulnerabilities
Dojo library with known vulnerabilities
jPlayer library with known vulnerabilities
CKEditor library with known vulnerabilities
DWR library with known vulnerabilities
Flowplayer library with known vulnerabilities
DOMPurify library with known vulnerabilities
Plupload library with known vulnerabilities
easyXDM library with known vulnerabilities
Ember library with known vulnerabilities
YUI library with known vulnerabilities
Sessvars library with known vulnerabilities
jQuery UI library with known vulnerabilities
prettyPhoto library with known vulnerabilities
Vue.js library with known vulnerabilities
Knockout library with known vulnerabilities
Next.js library with known vulnerabilities
Underscore.js library with known vulnerabilities
Chart.js library with known vulnerabilities
JSZip library with known vulnerabilities
Svelte library with known vulnerabilities
Axios library with known vulnerabilities
Froala library with known vulnerabilities
Highcharts library with known vulnerabilities
Cookie without HttpOnly flag
SSL cookie without Secure flag
Cookie with SameSite attribute set to None
Open redirection
Directory Listing
HTTP response header injection
ASP.NET tracing enabled
Path traversal
Remote File Inclusion
Missing cross-site request forgery protection
Missing clickjacking protection
ASP.NET ViewState without MAC
Session Token in URL
Application error message
Private IP addresses disclosed
Server-side template injection
Server-side JavaScript injection
Insecure PHP Object deserialization
PHP code injection (also known as Local File Inclusion)
GraphQL Introspection enabled
Log4Shell (CVE-2021-42287)
Spring Cloud SPEL Code Injection (CVE-2022-22963)
Spring4Shell (CVE-2022-22965)
Weak JWT HMAC secret
Using jwk parameter to verify JWTs
JWT signature is not being verified
JWT accepting none algorithm
JWT algorithm confusion
Python code injection
MongoDB Injection
Insecure browser XSS protection enabled
Hidden file found
Server-side request forgery
Drupal version with known vulnerabilities
XPath Injection
CRLF Injection
Supply Chain Compromise
List of deprecated vulnerabilities that are no longer detected:
Browser XSS protection disabled