10031 10031 User Controllable HTML Element Attribute (Potential XSS) User Controllable HTML Element Attribute (Potential XSS) 0 1 Informational (Low) Low <p>This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.</p> http://127.0.0.1:8080/govwayConsole/import.do?__prevTabKey__=9969d837-1311-4a65-b92d-b1078bac7314&modalita=import&resetSearch=yes http://127.0.0.1:8080/govwayConsole/import.do (__prevTabKey__,modalita,resetSearch) GET modalita User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/import.do?__prevTabKey__=9969d837-1311-4a65-b92d-b1078bac7314&modalita=import&resetSearch=yes appears to include user input in: a(n) [a] tag [title] attribute The user input found was: modalita=import The user-controlled value was: importa http://127.0.0.1:8080/govwayConsole/import.do?__prevTabKey__=9969d837-1311-4a65-b92d-b1078bac7314&modalita=import&resetSearch=yes http://127.0.0.1:8080/govwayConsole/import.do (__prevTabKey__,modalita,resetSearch) GET resetSearch User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/import.do?__prevTabKey__=9969d837-1311-4a65-b92d-b1078bac7314&modalita=import&resetSearch=yes appears to include user input in: a(n) [input] tag [value] attribute The user input found was: resetSearch=yes The user-controlled value was: yes 2 false <p>Validate all input and sanitize output it before writing to any HTML attributes.</p> <p>User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:</p><p></p><p>http://127.0.0.1:8080/govwayConsole/import.do?__prevTabKey__=9969d837-1311-4a65-b92d-b1078bac7314&modalita=import&resetSearch=yes</p><p></p><p>appears to include user input in:</p><p>a(n) [a] tag [title] attribute</p><p></p><p>The user input found was:</p><p>modalita=import</p><p></p><p>The user-controlled value was:</p><p>importa</p> <p>https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html</p> 20 20 110 Info Informational http://127.0.0.1:8080 insight.code.2xx Percentage of responses with status code 2xx 94 Info Informational http://127.0.0.1:8080 insight.code.3xx Percentage of responses with status code 3xx 2 Info Informational http://127.0.0.1:8080 insight.code.5xx Percentage of responses with status code 5xx 3 Info Informational http://127.0.0.1:8080 insight.endpoint.ctype.application/zip Percentage of endpoints with content type application/zip 1 Info Informational http://127.0.0.1:8080 insight.endpoint.ctype.image/gif Percentage of endpoints with content type image/gif 1 Info Informational http://127.0.0.1:8080 insight.endpoint.ctype.image/png Percentage of endpoints with content type image/png 5 Info Informational http://127.0.0.1:8080 insight.endpoint.ctype.image/x-icon Percentage of endpoints with content type image/x-icon 1 Info Informational http://127.0.0.1:8080 insight.endpoint.ctype.text/css Percentage of endpoints with content type text/css 8 Info Informational http://127.0.0.1:8080 insight.endpoint.ctype.text/html Percentage of endpoints with content type text/html 73 Info Informational http://127.0.0.1:8080 insight.endpoint.ctype.text/javascript Percentage of endpoints with content type text/javascript 8 Info Informational http://127.0.0.1:8080 insight.endpoint.ctype.text/plain Percentage of endpoints with content type text/plain 1 Info Informational http://127.0.0.1:8080 insight.endpoint.method.GET Percentage of endpoints with method GET 59 Info Informational http://127.0.0.1:8080 insight.endpoint.method.POST Percentage of endpoints with method POST 40 Info Informational http://127.0.0.1:8080 insight.endpoint.total Count of total endpoints 155 Info Informational http://127.0.0.1:8080 insight.response.slow Percentage of slow responses 52