Acunetix Build History Version 13 (build 13.0.200519155 – Windows and Linux) 20th May 2020 Updates Vulnerabilities filter shows correct sorting User can now test notification settings List of Licensed Targets can now be accessed from user profile page Fixes Fixed issue when using the Login Sequence Recorder remotely ConsultLite licenses were being shown as Standard Some vulnerabilities were not displayed correctly in Azure Devops Services Version 13 (build 13.0.200508159 – Windows and Linux) 11th May 2020 New Features Business Logic Recorder – used to record logic used in multi-step forms Export to Citrix WAF Support for Azure DevOps Services issue tracker CVSS3.1 score for most Acunetix vulnerabilities Targets can now be exported to CSV New Graph in Dashboard showing Average vulnerabilities per Target New Vulnerability Checks New check for Server-Side Template Injection (SSTI) in ASP.NET Razor New check for Oracle BI AMF Deserialization RCE (CVE-2020-2950) New check for Possible Cross Site Scripting via jquery.htmlPrefilter() (CVE-2020-11023) New check for Stored XSS in WP theme Onetone (CVE-2019-17230 and CVE-2019-17231) Updated detection of phpinfo pages New checks in WordPress Core and WordPress plugins Updates Manual Intervention (used for CAPTCHAs, OTP etc) is now using the integrated (web-based) LSR As a result of the previous update, Manual Intervention is now available on Linux Improved error reporting for network scans aborted due to network errors Vulnerability alerts updated to show important information at the top Updated Github issue tracker to support Personal Access Token (PAT) authentication Improved reporting of Paused scans in the UI Improved UI message user triggers a scan which is not allowed due to Manual Intervention API documentation can now be downloaded from within the Acunetix UI Added support for popup windows in the Login Sequence Recorder Improved handling of large import files Improved handling large requests / responses generated from import files Decreased false positives reported for Possible username or password disclosure Truncated large vulnerability alerts when sending to Jira issue tracker Fixes Fixed incorrect from email address used for monthly update emails Fixed AcuMonitor UI notification to link to corresponding vulnerability Fixed issue causing vulnerability checks to not be able to send empty values Fixed a number of crashes Fixed issue causing ASP.NET sites to be processed as ASP sites Fixed 2 issues caused when using Swagger import files Improved handling of txt import files using incorrect import format Fixed Session Fixation false positive Fixed UI issue when configuring Custom Cookies Trend charts where not being updated for user accounts Fixed issue in excluded hours Fixed “Client Certificate Not Set” message incorrectly being reported Version 13 (build 13.0.200409107 – Windows and Linux) 9th April 2020 New Vulnerability Checks New check to warn user if server sends known password to client New check for RCE in Liferay Portal (CVE-2020-7961) Updates Improved detection of SQL Injection Fixes Fixed bbcode display issue in some alerts Fix in Login page password-guessing attack Fixed licensing issue caused by different case in Target address Version 13 (build 13.0.200401171 – Windows and Linux) 2nd April 2020 New Vulnerability Checks New WordPress plugin checks Updates Improved XXE check Improved internal IP disclosure check Vulnerabilities detected with 100% Confidence get a Verified stamp Fixes Fixed issue with response highlighting for SQL Injection alerts Fixed AcuMonitor alert notifications not linking to scan Fixed page not found UI issue when trying to generate a report from Reports page Fixed issue with scanner looping when parsing specific long JSON responses
