GovWay Console di Configurazione

Risk Level	Number of Alerts
High	0
Medium	0
Low	0
Informational	1

Name	Risk Level	Number of Instances
User Controllable HTML Element Attribute (Potential XSS)	Informational	2

Informational	User Controllable HTML Element Attribute (Potential XSS)
Description	This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.

URL	http://127.0.0.1:8080/govwayConsole/import.do?__prevTabKey__=9969d837-1311-4a65-b92d-b1078bac7314&modalita=import&resetSearch=yes
Node Name	http://127.0.0.1:8080/govwayConsole/import.do (__prevTabKey__,modalita,resetSearch)
Method	GET
Parameter	modalita
Attack
Evidence
Other Info	User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/import.do?__prevTabKey__=9969d837-1311-4a65-b92d-b1078bac7314&modalita=import&resetSearch=yes appears to include user input in: a(n) [a] tag [title] attribute The user input found was: modalita=import The user-controlled value was: importa
URL	http://127.0.0.1:8080/govwayConsole/import.do?__prevTabKey__=9969d837-1311-4a65-b92d-b1078bac7314&modalita=import&resetSearch=yes
Node Name	http://127.0.0.1:8080/govwayConsole/import.do (__prevTabKey__,modalita,resetSearch)
Method	GET
Parameter	resetSearch
Attack
Evidence
Other Info	User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/import.do?__prevTabKey__=9969d837-1311-4a65-b92d-b1078bac7314&modalita=import&resetSearch=yes appears to include user input in: a(n) [input] tag [value] attribute The user input found was: resetSearch=yes The user-controlled value was: yes
Instances	2
Solution	Validate all input and sanitize output it before writing to any HTML attributes.
Reference	https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html
CWE Id	20
WASC Id	20
Plugin Id	10031

Informational

User Controllable HTML Element Attribute (Potential XSS)

Description

This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.

URL

http://127.0.0.1:8080/govwayConsole/import.do?__prevTabKey__=9969d837-1311-4a65-b92d-b1078bac7314&modalita=import&resetSearch=yes

Node Name

http://127.0.0.1:8080/govwayConsole/import.do (__prevTabKey__,modalita,resetSearch)

Method

GET

Parameter

modalita

Attack

Evidence

Other Info

User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:

http://127.0.0.1:8080/govwayConsole/import.do?__prevTabKey__=9969d837-1311-4a65-b92d-b1078bac7314&modalita=import&resetSearch=yes

appears to include user input in:

a(n) [a] tag [title] attribute

The user input found was:

modalita=import

The user-controlled value was:

importa

URL

http://127.0.0.1:8080/govwayConsole/import.do?__prevTabKey__=9969d837-1311-4a65-b92d-b1078bac7314&modalita=import&resetSearch=yes

Node Name

http://127.0.0.1:8080/govwayConsole/import.do (__prevTabKey__,modalita,resetSearch)

Method

GET

Parameter

resetSearch

Attack

Evidence

Other Info

User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:

http://127.0.0.1:8080/govwayConsole/import.do?__prevTabKey__=9969d837-1311-4a65-b92d-b1078bac7314&modalita=import&resetSearch=yes

appears to include user input in:

a(n) [input] tag [value] attribute

The user input found was:

resetSearch=yes

The user-controlled value was:

yes

Instances

Solution

Validate all input and sanitize output it before writing to any HTML attributes.

Reference

https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html

CWE Id

WASC Id

Plugin Id

10031

GovWay Console di Configurazione

Site: http://127.0.0.1:8080/govwayConsole/import.do

Generated on Sat, 11 Apr 2026 16:57:21

ZAP Version: 2.17.0

ZAP by Checkmarx

Summary of Alerts

Alerts

Alert Detail