| Risk Level | Number of Alerts |
|---|---|
| High | 0 |
| Medium | 0 |
| Low | 0 |
| Informational | 1 |
| Name | Risk Level | Number of Instances |
|---|---|---|
| User Controllable HTML Element Attribute (Potential XSS) | Informational | 25 |
| Informational | User Controllable HTML Element Attribute (Potential XSS) |
|---|---|
| Description | This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability. |
| URL | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do |
| Node Name | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) |
| Method | POST |
| Parameter | CTCacheAlgoritmo |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:<br>http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do<br>appears to include user input in:<br>a(n) [input] tag [value] attribute<br>The user input found was:<br>CTCacheAlgoritmo=LRU<br>The user-controlled value was:<br>lru |
| URL | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do |
| Node Name | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) |
| Method | POST |
| Parameter | CTCacheDimensione |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:<br>http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do<br>appears to include user input in:<br>a(n) [input] tag [value] attribute<br>The user input found was:<br>CTCacheDimensione=10000<br>The user-controlled value was:<br>10000 |
| URL | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do |
| Node Name | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) |
| Method | POST |
| Parameter | CTCacheLifeTime |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:<br>http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do<br>appears to include user input in:<br>a(n) [input] tag [value] attribute<br>The user input found was:<br>CTCacheLifeTime=300<br>The user-controlled value was:<br>300 |
| URL | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do |
| Node Name | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) |
| Method | POST |
| Parameter | CTCacheStato |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:<br>http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do<br>appears to include user input in:<br>a(n) [input] tag [value] attribute<br>The user input found was:<br>CTCacheStato=disabilitato<br>The user-controlled value was:<br>disabilitato |
| URL | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do |
| Node Name | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) |
| Method | POST |
| Parameter | CTFirstTime |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:<br>http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do<br>appears to include user input in:<br>a(n) [input] tag [value] attribute<br>The user input found was:<br>CTFirstTime=false<br>The user-controlled value was:<br>false |
| URL | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do |
| Node Name | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) |
| Method | POST |
| Parameter | ctHttpMode |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:<br>http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do<br>appears to include user input in:<br>a(n) [option] tag [value] attribute<br>The user input found was:<br>ctHttpMode=default<br>The user-controlled value was:<br>default |
| URL | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do |
| Node Name | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) |
| Method | POST |
| Parameter | CTNumMaxReqStato |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:<br>http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do<br>appears to include user input in:<br>a(n) [option] tag [value] attribute<br>The user input found was:<br>CTNumMaxReqStato=abilitato<br>The user-controlled value was:<br>abilitato |
| URL | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do |
| Node Name | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) |
| Method | POST |
| Parameter | CTNumMaxReqTipoErrore |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:<br>http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do<br>appears to include user input in:<br>a(n) [input] tag [value] attribute<br>The user input found was:<br>CTNumMaxReqTipoErrore=http429<br>The user-controlled value was:<br>http429 |
| URL | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do |
| Node Name | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) |
| Method | POST |
| Parameter | CTNumMaxReqTipoErroreDescr |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:<br>http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do<br>appears to include user input in:<br>a(n) [input] tag [value] attribute<br>The user input found was:<br>CTNumMaxReqTipoErroreDescr=true<br>The user-controlled value was:<br>true |
| URL | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do |
| Node Name | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) |
| Method | POST |
| Parameter | CTpercentualeCongestioneThreshold |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:<br>http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do<br>appears to include user input in:<br>a(n) [option] tag [value] attribute<br>The user input found was:<br>CTpercentualeCongestioneThreshold=55<br>The user-controlled value was:<br>55 |
| URL | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do |
| Node Name | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) |
| Method | POST |
| Parameter | CTRateLimitTipoErrore |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:<br>http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do<br>appears to include user input in:<br>a(n) [input] tag [value] attribute<br>The user input found was:<br>CTRateLimitTipoErrore=http429<br>The user-controlled value was:<br>http429 |
| URL | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do |
| Node Name | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) |
| Method | POST |
| Parameter | CTRateLimitTipoErroreDescr |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:<br>http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do<br>appears to include user input in:<br>a(n) [input] tag [value] attribute<br>The user input found was:<br>CTRateLimitTipoErroreDescr=true<br>The user-controlled value was:<br>true |
| URL | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do |
| Node Name | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) |
| Method | POST |
| Parameter | CTStatoControlloCongestione |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:<br>http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do<br>appears to include user input in:<br>a(n) [option] tag [value] attribute<br>The user input found was:<br>CTStatoControlloCongestione=abilitato<br>The user-controlled value was:<br>abilitato |
| URL | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do |
| Node Name | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) |
| Method | POST |
| Parameter | ctSyncMode |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:<br>http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do<br>appears to include user input in:<br>a(n) [option] tag [value] attribute<br>The user input found was:<br>ctSyncMode=default<br>The user-controlled value was:<br>default |
| URL | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do |
| Node Name | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) |
| Method | POST |
| Parameter | edit-mode |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:<br>http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do<br>appears to include user input in:<br>a(n) [input] tag [value] attribute<br>The user input found was:<br>edit-mode=end<br>The user-controlled value was:<br>end |
| URL | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do |
| Node Name | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl) |
| Method | POST |
| Parameter | ConfigurazioneFirstTime |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:<br>http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do<br>appears to include user input in:<br>a(n) [input] tag [value] attribute<br>The user input found was:<br>ConfigurazioneFirstTime=false<br>The user-controlled value was:<br>false |
| URL | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do |
| Node Name | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl) |
| Method | POST |
| Parameter | CTCacheAlgoritmo |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:<br>http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do<br>appears to include user input in:<br>a(n) [input] tag [value] attribute<br>The user input found was:<br>CTCacheAlgoritmo=LRU<br>The user-controlled value was:<br>lru |
| URL | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do |
| Node Name | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl) |
| Method | POST |
| Parameter | CTCacheDimensione |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:<br>http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do<br>appears to include user input in:<br>a(n) [input] tag [value] attribute<br>The user input found was:<br>CTCacheDimensione=10000<br>The user-controlled value was:<br>10000 |
| URL | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do |
| Node Name | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl) |
| Method | POST |
| Parameter | CTCacheLifeTime |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:<br>http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do<br>appears to include user input in:<br>a(n) [input] tag [value] attribute<br>The user input found was:<br>CTCacheLifeTime=300<br>The user-controlled value was:<br>300 |
| URL | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do |
| Node Name | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl) |
| Method | POST |
| Parameter | CTCacheStato |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:<br>http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do<br>appears to include user input in:<br>a(n) [option] tag [value] attribute<br>The user input found was:<br>CTCacheStato=disabilitato<br>The user-controlled value was:<br>disabilitato |
| URL | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do |
| Node Name | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl) |
| Method | POST |
| Parameter | CTFirstTime |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:<br>http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do<br>appears to include user input in:<br>a(n) [input] tag [value] attribute<br>The user input found was:<br>CTFirstTime=false<br>The user-controlled value was:<br>false |
| URL | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do |
| Node Name | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl) |
| Method | POST |
| Parameter | CTNumMaxReqTipoErrore |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:<br>http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do<br>appears to include user input in:<br>a(n) [input] tag [value] attribute<br>The user input found was:<br>CTNumMaxReqTipoErrore=http429<br>The user-controlled value was:<br>http429 |
| URL | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do |
| Node Name | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl) |
| Method | POST |
| Parameter | CTNumMaxReqTipoErroreDescr |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:<br>http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do<br>appears to include user input in:<br>a(n) [input] tag [value] attribute<br>The user input found was:<br>CTNumMaxReqTipoErroreDescr=true<br>The user-controlled value was:<br>true |
| URL | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do |
| Node Name | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl) |
| Method | POST |
| Parameter | CTRateLimitTipoErrore |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:<br>http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do<br>appears to include user input in:<br>a(n) [input] tag [value] attribute<br>The user input found was:<br>CTRateLimitTipoErrore=http429<br>The user-controlled value was:<br>http429 |
| URL | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do |
| Node Name | http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl) |
| Method | POST |
| Parameter | CTRateLimitTipoErroreDescr |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:<br>http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do<br>appears to include user input in:<br>a(n) [input] tag [value] attribute<br>The user input found was:<br>CTRateLimitTipoErroreDescr=true<br>The user-controlled value was:<br>true |
| Instances | 25 |
| Solution | Validate all input and sanitize output before writing it to any HTML attribute. |
| Reference | https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html |
| CWE Id | 20 |
| WASC Id | 20 |
| Plugin Id | 10031 |