10031 10031 User Controllable HTML Element Attribute (Potential XSS) User Controllable HTML Element Attribute (Potential XSS) 0 1 Informational (Low) Low <p>This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.</p> http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) POST CTCacheAlgoritmo User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: CTCacheAlgoritmo=LRU The user-controlled value was: lru http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) POST CTCacheDimensione User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: CTCacheDimensione=10000 The user-controlled value was: 10000 http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) POST CTCacheLifeTime User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: CTCacheLifeTime=300 The user-controlled value was: 300 http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) POST CTCacheStato User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: CTCacheStato=disabilitato The user-controlled value was: disabilitato http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) POST CTFirstTime User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: CTFirstTime=false The user-controlled value was: false http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) POST ctHttpMode User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do appears to include user input in: a(n) [option] tag [value] attribute The user input found was: ctHttpMode=default The user-controlled value was: default http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) POST CTNumMaxReqStato User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do appears to include user input in: a(n) [option] tag [value] attribute The user input found was: CTNumMaxReqStato=abilitato The user-controlled value was: abilitato http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) POST CTNumMaxReqTipoErrore User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: CTNumMaxReqTipoErrore=http429 The user-controlled value was: http429 http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) POST CTNumMaxReqTipoErroreDescr User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: CTNumMaxReqTipoErroreDescr=true The user-controlled value was: true http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) POST CTpercentualeCongestioneThreshold User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do appears to include user input in: a(n) [option] tag [value] attribute The user input found was: CTpercentualeCongestioneThreshold=55 The user-controlled value was: 55 http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) POST CTRateLimitTipoErrore User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: CTRateLimitTipoErrore=http429 The user-controlled value was: http429 http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) POST CTRateLimitTipoErroreDescr User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: CTRateLimitTipoErroreDescr=true The user-controlled value was: true http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) POST CTStatoControlloCongestione User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do appears to include user input in: a(n) [option] tag [value] attribute The user input found was: CTStatoControlloCongestione=abilitato The user-controlled value was: abilitato http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) POST ctSyncMode User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do appears to include user input in: a(n) [option] tag [value] attribute The user input found was: ctSyncMode=default The user-controlled value was: default http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTConnectionTimeoutErogazione,CTConnectionTimeoutFruizione,CTFirstTime,CTNumMaxReqSoglia,CTNumMaxReqStato,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,CTReadTimeoutErogazione,CTReadTimeoutFruizione,CTStatoControlloCongestione,CTTempoMedioRispostaErogazione,CTTempoMedioRispostaFruizione,CTpercentualeCongestioneThreshold,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpMode,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl,ctSyncMode,edit-mode) POST edit-mode User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: edit-mode=end The user-controlled value was: end http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl) POST ConfigurazioneFirstTime User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: ConfigurazioneFirstTime=false The user-controlled value was: false http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl) POST CTCacheAlgoritmo User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: CTCacheAlgoritmo=LRU The user-controlled value was: lru http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl) POST CTCacheDimensione User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: CTCacheDimensione=10000 The user-controlled value was: 10000 http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl) POST CTCacheLifeTime User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: CTCacheLifeTime=300 The user-controlled value was: 300 http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl) POST CTCacheStato User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do appears to include user input in: a(n) [option] tag [value] attribute The user input found was: CTCacheStato=disabilitato The user-controlled value was: disabilitato http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl) POST CTFirstTime User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: CTFirstTime=false The user-controlled value was: false http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl) POST CTNumMaxReqTipoErrore User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: CTNumMaxReqTipoErrore=http429 The user-controlled value was: http429 http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl) POST CTNumMaxReqTipoErroreDescr User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: CTNumMaxReqTipoErroreDescr=true The user-controlled value was: true http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl) POST CTRateLimitTipoErrore User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: CTRateLimitTipoErrore=http429 The user-controlled value was: http429 http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do ()(CTCacheAlgoritmo,CTCacheDimensione,CTCacheIdleTime,CTCacheLifeTime,CTCacheStato,CTFirstTime,CTNumMaxReqTipoErrore,CTNumMaxReqTipoErroreDescr,CTRateLimitTipoErrore,CTRateLimitTipoErroreDescr,ConfigurazioneFirstTime,__i_hidden_locklabel_,__i_hidden_lockurl_,__i_hidden_lockvalue_,_csrf,ctCount,ctEngineType,ctHttpQuota,ctHttpRemaining,ctHttpReset,ctHttpRetryAfter,ctHttpRetryAfterBackoff,ctImpl) POST CTRateLimitTipoErroreDescr User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: CTRateLimitTipoErroreDescr=true The user-controlled value was: true 25 false <p>Validate all input and sanitize output it before writing to any HTML attributes.</p> <p>User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:</p><p></p><p>http://127.0.0.1:8080/govwayConsole/configurazioneControlloTraffico.do</p><p></p><p>appears to include user input in:</p><p>a(n) [input] tag [value] attribute</p><p></p><p>The user input found was:</p><p>CTCacheAlgoritmo=LRU</p><p></p><p>The user-controlled value was:</p><p>lru</p> <p>https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html</p> 20 20 219 Info Informational insight.network.failure Percentage of network failures 1 Info Informational http://127.0.0.1:8080 insight.code.2xx Percentage of responses with status code 2xx 56 Info Informational http://127.0.0.1:8080 insight.code.3xx Percentage of responses with status code 3xx 9 Info Exceeded Low http://127.0.0.1:8080 insight.code.4xx Percentage of responses with status code 4xx 32 Info Informational http://127.0.0.1:8080 insight.code.5xx Percentage of responses with status code 5xx 1 Info Informational http://127.0.0.1:8080 insight.endpoint.ctype.image/gif Percentage of endpoints with content type image/gif 1 Info Informational http://127.0.0.1:8080 insight.endpoint.ctype.image/png Percentage of endpoints with content type image/png 4 Info Informational http://127.0.0.1:8080 insight.endpoint.ctype.image/x-icon Percentage of endpoints with content type image/x-icon 1 Info Informational http://127.0.0.1:8080 insight.endpoint.ctype.text/css Percentage of endpoints with content type text/css 6 Info Informational http://127.0.0.1:8080 insight.endpoint.ctype.text/html Percentage of endpoints with content type text/html 72 Info Informational http://127.0.0.1:8080 insight.endpoint.ctype.text/javascript Percentage of endpoints with content type text/javascript 6 Info Informational http://127.0.0.1:8080 insight.endpoint.method.GET Percentage of endpoints with method GET 66 Info Informational http://127.0.0.1:8080 insight.endpoint.method.POST Percentage of endpoints with method POST 33 Info Informational http://127.0.0.1:8080 insight.endpoint.total Count of total endpoints 195 Info Exceeded Low http://127.0.0.1:8080 insight.response.slow Percentage of slow responses 14 Info Informational https://consent.cookiebot.com insight.code.2xx Percentage of responses with status code 2xx 100 Info Informational https://consent.cookiebot.com insight.response.slow Percentage of slow responses 23 Info Informational https://consentcdn.cookiebot.com insight.code.2xx Percentage of responses with status code 2xx 100 Info Informational https://fonts.googleapis.com insight.code.2xx Percentage of responses with status code 2xx 100 Info Informational https://js-eu1.hs-scripts.com insight.code.2xx Percentage of responses with status code 2xx 100 Info Informational https://link.it insight.code.3xx Percentage of responses with status code 3xx 100 Info Informational https://pagead2.googlesyndication.com insight.code.2xx Percentage of responses with status code 2xx 100 Info Informational https://region1.google-analytics.com insight.code.2xx Percentage of responses with status code 2xx 100 Info Informational https://www.googletagmanager.com insight.code.2xx Percentage of responses with status code 2xx 100 Info Informational https://www.googletagmanager.com insight.response.slow Percentage of slow responses 25 Info Informational https://www.link.it insight.code.2xx Percentage of responses with status code 2xx 100 Info Informational https://www.link.it insight.response.slow Percentage of slow responses 5