Probely currently detects the vulnerabilities listed below. Please refer to this page periodically for an updated list. Keep in mind that some vulnerabilities are grouped together.

  • Reflected cross-site scripting
  • Stored cross-site scripting
  • Operating system command injection
  • XML external entity injection
  • ASP.NET debugging enabled
  • Insecure crossdomain.xml policy
  • Insecure Silverlight clientaccesspolicy.xml policy
  • SQL Injection
  • SQL injection (second order)
  • Cross Origin Resource Sharing: Arbitrary Origin Trusted
  • Unencrypted communications
  • Mixed content
  • Expired TLS certificate
  • TLS certificate about to expire
  • Certificate without revocation information
  • Insecure SSL protocol version 2 supported
  • Insecure SSL protocol version 3 supported
  • Outdated TLS protocol version 1.0 supported
  • Secure TLS protocol version 1.2 not supported
  • Weak cipher suites enabled
  • Server Cipher Order not configured
  • Untrusted TLS certificate (invalid CN, SAN, issuer or chain)
  • Heartbleed
  • Potential DoS on TLS Client Renegotiation
  • Secure Renegotiation is not supported
  • TLS Downgrade attack prevention not supported
  • WordPress version with known vulnerabilities
  • WordPress plugin with known vulnerabilities
  • Joomla! version with known vulnerabilities
  • Log file disclosure
  • Backup file disclosure
  • Full path disclosure
  • HSTS header not enforced
  • HSTS header set in HTTP
  • HSTS header with low duration and no subdomain protection
  • HSTS header with low duration
  • HSTS header does not protect subdomains
  • Inclusion of cryptocurrency mining script (around 12000 domains)
  • Browser XSS protection disabled
  • Browser content sniffing allowed
  • Referrer policy not defined
  • Insecure referrer policy
  • HTTP TRACE method enabled
  • jQuery library with known vulnerabilities
  • AngularJS library with known vulnerabilities
  • Bootstrap library with known vulnerabilities
  • jQuery Mobile library with known vulnerabilities
  • jQuery Migrate library with known vulnerabilities
  • Moment.js library with known vulnerabilities
  • Prototype library with known vulnerabilities
  • React library with known vulnerabilities
  • SWFObject library with known vulnerabilities
  • TinyMCE library with known vulnerabilities
  • Backbone library with known vulnerabilities
  • Mustache library with known vulnerabilities
  • Handlebars library with known vulnerabilities
  • Dojo library with known vulnerabilities
  • jPlayer library with known vulnerabilities
  • CKEditor library with known vulnerabilities
  • DWR library with known vulnerabilities
  • Flowplayer library with known vulnerabilities
  • DOMPurify library with known vulnerabilities
  • Plupload library with known vulnerabilities
  • easyXDM library with known vulnerabilities
  • Ember library with known vulnerabilities
  • YUI library with known vulnerabilities
  • Sessvars library with known vulnerabilities
  • jQuery UI library with known vulnerabilities
  • Cookie without HttpOnly flag
  • SSL cookie without Secure flag
  • Open redirection
  • Stored Open redirection
  • Directory Listing
  • HTTP response header injection
  • ASP.NET tracing enabled
  • Path traversal
  • Missing cross-site request forgery protection
  • Missing clickjacking protection
  • ASP.NET ViewState without MAC
  • Session Token in URL
  • Application error message
  • Private IP addresses disclosed
  • Server-side template injection
  • Server-side JavaScript injection
  • Insecure PHP Object deserialization
  • PHP code injection (also known as Local File Inclusion)