{ "@programName": "ZAP", "@version": "2.17.0", "@generated": "Sat, 11 Apr 2026 16:49:08", "created": "2026-04-11T14:49:08.857446155Z", "insights":[ { "level": "Info", "reason": "Informational", "site": "", "key": "insight.network.failure", "description": "Percentage of network failures", "statistic": "1" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.code.2xx", "description": "Percentage of responses with status code 2xx", "statistic": "87" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.code.3xx", "description": "Percentage of responses with status code 3xx", "statistic": "1" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.code.4xx", "description": "Percentage of responses with status code 4xx", "statistic": "6" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.code.5xx", "description": "Percentage of responses with status code 5xx", "statistic": "4" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.application/zip", "description": "Percentage of endpoints with content type application/zip", "statistic": "1" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.image/gif", "description": "Percentage of endpoints with content type image/gif", "statistic": "1" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.image/png", "description": "Percentage of endpoints with content type image/png", "statistic": "5" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.image/x-icon", "description": "Percentage of endpoints with content type image/x-icon", "statistic": "1" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.text/css", "description": "Percentage of endpoints with content type text/css", "statistic": "8" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.text/html", "description": "Percentage of endpoints with content type text/html", "statistic": "73" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.text/javascript", "description": "Percentage of endpoints with content type text/javascript", "statistic": "8" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.text/plain", "description": "Percentage of endpoints with content type text/plain", "statistic": "1" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.method.GET", "description": "Percentage of endpoints with method GET", "statistic": "59" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.method.POST", "description": "Percentage of endpoints with method POST", "statistic": "40" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.total", "description": "Count of total endpoints", "statistic": "157" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.response.slow", "description": "Percentage of slow responses", "statistic": "24" } ], "site":[ { "@name": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do", "@host": "127.0.0.1", "@port": "8080", "@ssl": "false", "alerts": [ { "pluginid": "10031", "alertRef": "10031", "alert": "User Controllable HTML Element Attribute (Potential XSS)", "name": "User Controllable HTML Element Attribute (Potential XSS)", "riskcode": "0", "confidence": "1", "riskdesc": "Informational (Low)", "desc": "

This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.

", "instances":[ { "id": "4165", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "__fake__search__", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [td] tag [id] attribute\n\nThe user input found was:\n__fake__search__=search\n\nThe user-controlled value was:\nsearchformheader" }, { "id": "4167", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_0", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_0=filtroProtocollo\n\nThe user-controlled value was:\nfiltroprotocollo" }, { "id": "4168", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_1", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_1=filtroServiceBinding\n\nThe user-controlled value was:\nfiltroservicebinding" }, { "id": "4200", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_10", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_10=filtroAutenticazioneTrasportoTipo\n\nThe user-controlled value was:\nfiltroautenticazionetrasportotipo" }, { "id": "4201", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_11", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_11=filtroConfigurazioneRateLimitingStato\n\nThe user-controlled value was:\nfiltroconfigurazioneratelimitingstato" }, { "id": "4210", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_12", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_12=filtroConfigurazioneValidazioneStato\n\nThe user-controlled value was:\nfiltroconfigurazionevalidazionestato" }, { "id": "4219", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_13", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_13=filtroConfigurazioneCacheRispostaStato\n\nThe user-controlled value was:\nfiltroconfigurazionecacherispostastato" }, { "id": "4228", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_14", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_14=filtroConfigurazioneMessageSecurityStato\n\nThe user-controlled value was:\nfiltroconfigurazionemessagesecuritystato" }, { "id": "4257", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_15", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_15=filtroConfigurazioneMTOMStato\n\nThe user-controlled value was:\nfiltroconfigurazionemtomstato" }, { "id": "4289", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_16", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_16=filtroConfigurazioneTrasformazione\n\nThe user-controlled value was:\nfiltroconfigurazionetrasformazione" }, { "id": "4298", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_17", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_17=filtroConfigurazioneTransazioni\n\nThe user-controlled value was:\nfiltroconfigurazionetransazioni" }, { "id": "4301", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_18", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_18=filtroConfigurazioneCorrelazioneApplicativaStato\n\nThe user-controlled value was:\nfiltroconfigurazionecorrelazioneapplicativastato" }, { "id": "4326", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_19", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_19=filtroConfigurazioneDumpTipo\n\nThe user-controlled value was:\nfiltroconfigurazionedumptipo" }, { "id": "4170", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_2", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_2=filtroGruppo\n\nThe user-controlled value was:\nfiltrogruppo" }, { "id": "4329", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_20", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_20=filtroConfigurazioneCorsTipo\n\nThe user-controlled value was:\nfiltroconfigurazionecorstipo" }, { "id": "4332", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_21", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_21=subtDatiProp\n\nThe user-controlled value was:\nsubtdatiprop" }, { "id": "4333", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_22", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_22=filtroPropNome\n\nThe user-controlled value was:\nfiltropropnome" }, { "id": "4335", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_23", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_23=filtroPropValore\n\nThe user-controlled value was:\nfiltropropvalore" }, { "id": "4179", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_3", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_3=subtDatiConn\n\nThe user-controlled value was:\nsubtdaticonn" }, { "id": "4180", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_4", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_4=filtroConnettoreTipo\n\nThe user-controlled value was:\nfiltroconnettoretipo" }, { "id": "4181", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_5", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_5=filtroConnettoreTokenPolicy\n\nThe user-controlled value was:\nfiltroconnettoretokenpolicy" }, { "id": "4184", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_6", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_6=filtroConnettoreEndpoint\n\nThe user-controlled value was:\nfiltroconnettoreendpoint" }, { "id": "4188", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_7", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_7=subtDatiConf\n\nThe user-controlled value was:\nsubtdaticonf" }, { "id": "4189", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_8", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_8=filtroConfigurazioneStato\n\nThe user-controlled value was:\nfiltroconfigurazionestato" }, { "id": "4198", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_9", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_9=filtroAutenticazioneTokenTipo\n\nThe user-controlled value was:\nfiltroautenticazionetokentipo" }, { "id": "4169", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterValue_1", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_1=soap\n\nThe user-controlled value was:\nsoap" }, { "id": "4190", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterValue_11", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_11=Abilitato\n\nThe user-controlled value was:\nabilitato" }, { "id": "4191", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterValue_12", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_12=Abilitato\n\nThe user-controlled value was:\nabilitato" }, { "id": "4192", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterValue_13", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_13=Abilitato\n\nThe user-controlled value was:\nabilitato" }, { "id": "4193", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterValue_14", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_14=Abilitato\n\nThe user-controlled value was:\nabilitato" }, { "id": "4194", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterValue_15", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_15=Abilitato\n\nThe user-controlled value was:\nabilitato" }, { "id": "4195", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterValue_16", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_16=Abilitato\n\nThe user-controlled value was:\nabilitato" }, { "id": "4299", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterValue_17", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_17=Default\n\nThe user-controlled value was:\ndefault" }, { "id": "4196", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterValue_18", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_18=Abilitato\n\nThe user-controlled value was:\nabilitato" }, { "id": "4300", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterValue_19", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_19=Default\n\nThe user-controlled value was:\ndefault" }, { "id": "4171", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterValue_2", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_2=AltroTag\n\nThe user-controlled value was:\naltrotag" }, { "id": "4334", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterValue_22", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_22=algo\n\nThe user-controlled value was:\nalgo" }, { "id": "4176", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterValue_23", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterValue_23=ZAP\n\nThe user-controlled value was:\nzap" }, { "id": "4182", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterValue_5", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_5=api-config-test-jwt\n\nThe user-controlled value was:\napi-config-test-jwt" }, { "id": "4177", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterValue_6", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterValue_6=ZAP\n\nThe user-controlled value was:\nzap" }, { "id": "4197", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterValue_8", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_8=Abilitato\n\nThe user-controlled value was:\nabilitato" }, { "id": "4199", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterValue_9", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_9=AutenticazioneInternaRiconoscimentoApplicativoModI\n\nThe user-controlled value was:\nautenticazioneinternariconoscimentoapplicativomodi" }, { "id": "4178", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_3,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_3,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "search", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nsearch=ZAP\n\nThe user-controlled value was:\nzap" }, { "id": "6613", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "__fake__search__", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [td] tag [id] attribute\n\nThe user input found was:\n__fake__search__=search\n\nThe user-controlled value was:\nsearchformheader" }, { "id": "6615", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterName_0", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_0=filtroProtocollo\n\nThe user-controlled value was:\nfiltroprotocollo" }, { "id": "6616", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterName_1", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_1=filtroServiceBinding\n\nThe user-controlled value was:\nfiltroservicebinding" }, { "id": "6648", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterName_10", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_10=filtroAutenticazioneTrasportoTipo\n\nThe user-controlled value was:\nfiltroautenticazionetrasportotipo" }, { "id": "6649", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterName_11", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_11=filtroConfigurazioneRateLimitingStato\n\nThe user-controlled value was:\nfiltroconfigurazioneratelimitingstato" }, { "id": "6658", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterName_12", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_12=filtroConfigurazioneValidazioneStato\n\nThe user-controlled value was:\nfiltroconfigurazionevalidazionestato" }, { "id": "6667", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterName_13", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_13=filtroConfigurazioneCacheRispostaStato\n\nThe user-controlled value was:\nfiltroconfigurazionecacherispostastato" }, { "id": "6676", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterName_14", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_14=filtroConfigurazioneMessageSecurityStato\n\nThe user-controlled value was:\nfiltroconfigurazionemessagesecuritystato" }, { "id": "6701", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterName_15", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_15=filtroConfigurazioneMTOMStato\n\nThe user-controlled value was:\nfiltroconfigurazionemtomstato" }, { "id": "6726", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterName_16", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_16=filtroConfigurazioneTrasformazione\n\nThe user-controlled value was:\nfiltroconfigurazionetrasformazione" }, { "id": "6735", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterName_17", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_17=filtroConfigurazioneTransazioni\n\nThe user-controlled value was:\nfiltroconfigurazionetransazioni" }, { "id": "6738", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterName_18", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_18=filtroConfigurazioneCorrelazioneApplicativaStato\n\nThe user-controlled value was:\nfiltroconfigurazionecorrelazioneapplicativastato" }, { "id": "6763", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterName_19", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_19=filtroConfigurazioneDumpTipo\n\nThe user-controlled value was:\nfiltroconfigurazionedumptipo" }, { "id": "6618", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterName_2", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_2=filtroGruppo\n\nThe user-controlled value was:\nfiltrogruppo" }, { "id": "6766", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterName_20", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_20=filtroConfigurazioneCorsTipo\n\nThe user-controlled value was:\nfiltroconfigurazionecorstipo" }, { "id": "6769", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterName_21", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_21=subtDatiProp\n\nThe user-controlled value was:\nsubtdatiprop" }, { "id": "6770", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterName_22", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_22=filtroPropNome\n\nThe user-controlled value was:\nfiltropropnome" }, { "id": "6772", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterName_23", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_23=filtroPropValore\n\nThe user-controlled value was:\nfiltropropvalore" }, { "id": "6627", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterName_3", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_3=subtDatiConn\n\nThe user-controlled value was:\nsubtdaticonn" }, { "id": "6628", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterName_4", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_4=filtroConnettoreTipo\n\nThe user-controlled value was:\nfiltroconnettoretipo" }, { "id": "6629", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterName_5", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_5=filtroConnettoreTokenPolicy\n\nThe user-controlled value was:\nfiltroconnettoretokenpolicy" }, { "id": "6632", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterName_6", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_6=filtroConnettoreEndpoint\n\nThe user-controlled value was:\nfiltroconnettoreendpoint" }, { "id": "6636", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterName_7", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_7=subtDatiConf\n\nThe user-controlled value was:\nsubtdaticonf" }, { "id": "6637", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterName_8", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_8=filtroConfigurazioneStato\n\nThe user-controlled value was:\nfiltroconfigurazionestato" }, { "id": "6646", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterName_9", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_9=filtroAutenticazioneTokenTipo\n\nThe user-controlled value was:\nfiltroautenticazionetokentipo" }, { "id": "6617", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterValue_1", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_1=soap\n\nThe user-controlled value was:\nsoap" }, { "id": "6638", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterValue_11", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_11=Abilitato\n\nThe user-controlled value was:\nabilitato" }, { "id": "6639", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterValue_12", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_12=Abilitato\n\nThe user-controlled value was:\nabilitato" }, { "id": "6640", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterValue_13", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_13=Abilitato\n\nThe user-controlled value was:\nabilitato" }, { "id": "6641", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterValue_14", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_14=Abilitato\n\nThe user-controlled value was:\nabilitato" }, { "id": "6642", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterValue_15", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_15=Abilitato\n\nThe user-controlled value was:\nabilitato" }, { "id": "6643", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterValue_16", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_16=Abilitato\n\nThe user-controlled value was:\nabilitato" }, { "id": "6736", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterValue_17", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_17=Default\n\nThe user-controlled value was:\ndefault" }, { "id": "6644", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterValue_18", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_18=Abilitato\n\nThe user-controlled value was:\nabilitato" }, { "id": "6737", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterValue_19", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_19=Default\n\nThe user-controlled value was:\ndefault" }, { "id": "6619", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterValue_2", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_2=AltroTag\n\nThe user-controlled value was:\naltrotag" }, { "id": "6771", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterValue_22", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_22=algo\n\nThe user-controlled value was:\nalgo" }, { "id": "6624", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterValue_23", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterValue_23=ZAP\n\nThe user-controlled value was:\nzap" }, { "id": "6630", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterValue_5", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_5=api-config-test-jwt\n\nThe user-controlled value was:\napi-config-test-jwt" }, { "id": "6625", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterValue_6", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterValue_6=ZAP\n\nThe user-controlled value was:\nzap" }, { "id": "6645", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterValue_8", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_8=Abilitato\n\nThe user-controlled value was:\nabilitato" }, { "id": "6647", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "filterValue_9", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_9=AutenticazioneInternaRiconoscimentoApplicativoModI\n\nThe user-controlled value was:\nautenticazioneinternariconoscimentoapplicativomodi" }, { "id": "6626", "uri": "http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/aspsErogazioniList.do (__prevTabKey__,_tabKey_tipologiaErogazione,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_13,filterName_14,filterName_15,filterName_16,filterName_17,filterName_18,filterName_19,filterName_2,filterName_20,filterName_21,filterName_22,filterName_23,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_1,filterValue_11,filterValue_12,filterValue_13,filterValue_14,filterValue_15,filterValue_16,filterValue_17,filterValue_18,filterValue_19,filterValue_2,filterValue_22,filterValue_23,filterValue_5,filterValue_6,filterValue_8,filterValue_9,search)", "method": "POST", "param": "search", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nsearch=ZAP\n\nThe user-controlled value was:\nzap" } ], "count": "86", "systemic": false, "solution": "

Validate all input and sanitize output it before writing to any HTML attributes.

", "otherinfo": "

User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:

http://127.0.0.1:8080/govwayConsole/aspsErogazioniList.do?__prevTabKey__=a32fd97f-3018-4294-9648-2e587da1fe4b&_tabKey_tipologiaErogazione=erogazione&resetSearch=yes

appears to include user input in:

a(n) [td] tag [id] attribute

The user input found was:

__fake__search__=search

The user-controlled value was:

searchformheader

", "reference": "

https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html

", "cweid": "20", "wascid": "20", "sourceid": "297" } ] } ], "sequences":[ ] }