{ "@programName": "ZAP", "@version": "2.17.0", "@generated": "Sat, 11 Apr 2026 16:45:51", "created": "2026-04-11T14:45:51.170823595Z", "insights":[ { "level": "Info", "reason": "Informational", "site": "", "key": "insight.network.failure", "description": "Percentage of network failures", "statistic": "1" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.code.2xx", "description": "Percentage of responses with status code 2xx", "statistic": "56" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.code.3xx", "description": "Percentage of responses with status code 3xx", "statistic": "9" }, { "level": "Info", "reason": "Exceeded Low", "site": "http://127.0.0.1:8080", "key": "insight.code.4xx", "description": "Percentage of responses with status code 4xx", "statistic": "32" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.code.5xx", "description": "Percentage of responses with status code 5xx", "statistic": "1" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.image/gif", "description": "Percentage of endpoints with content type image/gif", "statistic": "1" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.image/png", "description": "Percentage of endpoints with content type image/png", "statistic": "4" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.image/x-icon", "description": "Percentage of endpoints with content type image/x-icon", "statistic": "1" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.text/css", "description": "Percentage of endpoints with content type text/css", "statistic": "6" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.text/html", "description": "Percentage of endpoints with content type text/html", "statistic": "72" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.text/javascript", "description": "Percentage of endpoints with content type text/javascript", "statistic": "6" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.method.GET", "description": "Percentage of endpoints with method GET", "statistic": "66" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.method.POST", "description": "Percentage of endpoints with method POST", "statistic": "33" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.total", "description": "Count of total endpoints", "statistic": "195" }, { "level": "Info", "reason": "Exceeded Low", "site": "http://127.0.0.1:8080", "key": "insight.response.slow", "description": "Percentage of slow responses", "statistic": "14" }, { "level": "Info", "reason": "Informational", "site": "https://consent.cookiebot.com", "key": "insight.code.2xx", "description": "Percentage of responses with status code 2xx", "statistic": "100" }, { "level": "Info", "reason": "Informational", "site": "https://consent.cookiebot.com", "key": "insight.response.slow", "description": "Percentage of slow responses", "statistic": "23" }, { "level": "Info", "reason": "Informational", "site": "https://consentcdn.cookiebot.com", "key": "insight.code.2xx", "description": "Percentage of responses with status code 2xx", "statistic": "100" }, { "level": "Info", "reason": "Informational", "site": "https://fonts.googleapis.com", "key": "insight.code.2xx", "description": "Percentage of responses with status code 2xx", "statistic": "100" }, { "level": "Info", "reason": "Informational", "site": "https://js-eu1.hs-scripts.com", "key": "insight.code.2xx", "description": "Percentage of responses with status code 2xx", "statistic": "100" }, { "level": "Info", "reason": "Informational", "site": "https://link.it", "key": "insight.code.3xx", "description": "Percentage of responses with status code 3xx", "statistic": "100" }, { "level": "Info", "reason": "Informational", "site": "https://pagead2.googlesyndication.com", "key": "insight.code.2xx", "description": "Percentage of responses with status code 2xx", "statistic": "100" }, { "level": "Info", "reason": "Informational", "site": "https://region1.google-analytics.com", "key": "insight.code.2xx", "description": "Percentage of responses with status code 2xx", "statistic": "100" }, { "level": "Info", "reason": "Informational", "site": "https://www.googletagmanager.com", "key": "insight.code.2xx", "description": "Percentage of responses with status code 2xx", "statistic": "100" }, { "level": "Info", "reason": "Informational", "site": "https://www.googletagmanager.com", "key": "insight.response.slow", "description": "Percentage of slow responses", "statistic": "25" }, { "level": "Info", "reason": "Informational", "site": "https://www.link.it", "key": "insight.code.2xx", "description": "Percentage of responses with status code 2xx", "statistic": "100" }, { "level": "Info", "reason": "Informational", "site": "https://www.link.it", "key": "insight.response.slow", "description": "Percentage of slow responses", "statistic": "5" } ], "site":[ { "@name": "http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do", "@host": "127.0.0.1", "@port": "8080", "@ssl": "false", "alerts": [ { "pluginid": "10031", "alertRef": "10031", "alert": "User Controllable HTML Element Attribute (Potential XSS)", "name": "User Controllable HTML Element Attribute (Potential XSS)", "riskcode": "0", "confidence": "1", "riskdesc": "Informational (Low)", "desc": "

This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.

", "instances":[ { "id": "656", "uri": "http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode)", "method": "POST", "param": "CTCacheAlgoritmo", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nCTCacheAlgoritmo=LRU\n\nThe user-controlled value was:\nlru" }, { "id": "655", "uri": "http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode)", "method": "POST", "param": "CTCacheDimensione", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nCTCacheDimensione=10000\n\nThe user-controlled value was:\n10000" }, { "id": "657", "uri": "http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode)", "method": "POST", "param": "CTCacheLifeTime", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nCTCacheLifeTime=300\n\nThe user-controlled value was:\n300" }, { "id": "654", "uri": "http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode)", "method": "POST", "param": "CTCacheStato", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nCTCacheStato=disabilitato\n\nThe user-controlled value was:\ndisabilitato" }, { "id": "645", "uri": "http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode)", "method": "POST", "param": "CTFirstTime", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nCTFirstTime=false\n\nThe user-controlled value was:\nfalse" }, { "id": "8299", "uri": "http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode)", "method": "POST", "param": "ctHttpMode", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nctHttpMode=default\n\nThe user-controlled value was:\ndefault" }, { "id": "8233", "uri": "http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode)", "method": "POST", "param": "CTNumMaxReqStato", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nCTNumMaxReqStato=abilitato\n\nThe user-controlled value was:\nabilitato" }, { "id": "648", "uri": "http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode)", "method": "POST", "param": "CTNumMaxReqTipoErrore", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nCTNumMaxReqTipoErrore=http429\n\nThe user-controlled value was:\nhttp429" }, { "id": "646", "uri": "http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode)", "method": "POST", "param": "CTNumMaxReqTipoErroreDescr", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nCTNumMaxReqTipoErroreDescr=true\n\nThe user-controlled value was:\ntrue" }, { "id": "8272", "uri": "http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode)", "method": "POST", "param": "CTpercentualeCongestioneThreshold", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nCTpercentualeCongestioneThreshold=55\n\nThe user-controlled value was:\n55" }, { "id": "649", "uri": "http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode)", "method": "POST", "param": "CTRateLimitTipoErrore", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nCTRateLimitTipoErrore=http429\n\nThe user-controlled value was:\nhttp429" }, { "id": "647", "uri": "http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode)", "method": "POST", "param": "CTRateLimitTipoErroreDescr", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nCTRateLimitTipoErroreDescr=true\n\nThe user-controlled value was:\ntrue" }, { "id": "8237", "uri": "http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode)", "method": "POST", "param": "CTStatoControlloCongestione", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nCTStatoControlloCongestione=abilitato\n\nThe user-controlled value was:\nabilitato" }, { "id": "8300", "uri": "http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode)", "method": "POST", "param": "ctSyncMode", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nctSyncMode=default\n\nThe user-controlled value was:\ndefault" }, { "id": "8202", "uri": "http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode)", "method": "POST", "param": "edit-mode", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nedit-mode=end\n\nThe user-controlled value was:\nend" }, { "id": "3152", "uri": "http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl)", "method": "POST", "param": "ConfigurazioneFirstTime", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nConfigurazioneFirstTime=false\n\nThe user-controlled value was:\nfalse" }, { "id": "3209", "uri": "http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl)", "method": "POST", "param": "CTCacheAlgoritmo", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nCTCacheAlgoritmo=LRU\n\nThe user-controlled value was:\nlru" }, { "id": "3201", "uri": "http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl)", "method": "POST", "param": "CTCacheDimensione", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nCTCacheDimensione=10000\n\nThe user-controlled value was:\n10000" }, { "id": "3216", "uri": "http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl)", "method": "POST", "param": "CTCacheLifeTime", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nCTCacheLifeTime=300\n\nThe user-controlled value was:\n300" }, { "id": "3154", "uri": "http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl)", "method": "POST", "param": "CTCacheStato", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nCTCacheStato=disabilitato\n\nThe user-controlled value was:\ndisabilitato" }, { "id": "3149", "uri": "http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl)", "method": "POST", "param": "CTFirstTime", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nCTFirstTime=false\n\nThe user-controlled value was:\nfalse" }, { "id": "3165", "uri": "http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl)", "method": "POST", "param": "CTNumMaxReqTipoErrore", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nCTNumMaxReqTipoErrore=http429\n\nThe user-controlled value was:\nhttp429" }, { "id": "3157", "uri": "http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl)", "method": "POST", "param": "CTNumMaxReqTipoErroreDescr", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nCTNumMaxReqTipoErroreDescr=true\n\nThe user-controlled value was:\ntrue" }, { "id": "3169", "uri": "http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl)", "method": "POST", "param": "CTRateLimitTipoErrore", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nCTRateLimitTipoErrore=http429\n\nThe user-controlled value was:\nhttp429" }, { "id": "3161", "uri": "http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl)", "method": "POST", "param": "CTRateLimitTipoErroreDescr", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nCTRateLimitTipoErroreDescr=true\n\nThe user-controlled value was:\ntrue" } ], "count": "25", "systemic": false, "solution": "

Validate all input and sanitize output it before writing to any HTML attributes.

", "otherinfo": "

User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:

http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do

appears to include user input in:

a(n) [input] tag [value] attribute

The user input found was:

CTCacheAlgoritmo=LRU

The user-controlled value was:

lru

", "reference": "

https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html

", "cweid": "20", "wascid": "20", "sourceid": "219" } ] } ], "sequences":[ ] }