GovWay Console di Configurazione

Site: http://127.0.0.1:8080/govwayConsole/utentiList.do

Generated on Tue, 24 Feb 2026 05:08:48

ZAP Version: 2.17.0

Summary of Alerts

Risk Level	Number of Alerts
High	0
Medium	0
Low	0
Informational	1

Risk Level

Number of Alerts

High

Medium

Low

Informational

Alerts

Name	Risk Level	Number of Instances
User Controllable HTML Element Attribute (Potential XSS)	Informational	5

Name

Risk Level

Number of Instances

User Controllable HTML Element Attribute (Potential XSS)

Informational

Alert Detail

Informational	User Controllable HTML Element Attribute (Potential XSS)
Description	This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.

URL	http://127.0.0.1:8080/govwayConsole/utentiList.do
Node Name	http://127.0.0.1:8080/govwayConsole/utentiList.do ()(_csrf,chkAll,search,selectcheckbox)
Method	POST
Parameter	search
Attack
Evidence
Other Info	User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/utentiList.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: search=ZAP The user-controlled value was: zap
URL	http://127.0.0.1:8080/govwayConsole/utentiList.do
Node Name	http://127.0.0.1:8080/govwayConsole/utentiList.do ()(_csrf,search)
Method	POST
Parameter	search
Attack
Evidence
Other Info	User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/utentiList.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: search=ZAP The user-controlled value was: zap
URL	http://127.0.0.1:8080/govwayConsole/utentiList.do?__prevTabKey__=2140b34b-ff4c-4b76-95f3-b84a25baf008
Node Name	http://127.0.0.1:8080/govwayConsole/utentiList.do (__prevTabKey__)(_csrf,chkAll,search,selectcheckbox)
Method	POST
Parameter	search
Attack
Evidence
Other Info	User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/utentiList.do?__prevTabKey__=2140b34b-ff4c-4b76-95f3-b84a25baf008 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: search=ZAP The user-controlled value was: zap
URL	http://127.0.0.1:8080/govwayConsole/utentiList.do?__prevTabKey__=c801c973-a171-40bf-947b-88ccf0fcc06e&resetSearch=yes
Node Name	http://127.0.0.1:8080/govwayConsole/utentiList.do (__prevTabKey__,resetSearch)(_csrf,chkAll,search,selectcheckbox)
Method	POST
Parameter	search
Attack
Evidence
Other Info	User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/utentiList.do?__prevTabKey__=c801c973-a171-40bf-947b-88ccf0fcc06e&resetSearch=yes appears to include user input in: a(n) [input] tag [value] attribute The user input found was: search=ZAP The user-controlled value was: zap
URL	http://127.0.0.1:8080/govwayConsole/utentiList.do?__prevTabKey__=c801c973-a171-40bf-947b-88ccf0fcc06e&resetSearch=yes
Node Name	http://127.0.0.1:8080/govwayConsole/utentiList.do (__prevTabKey__,resetSearch)(_csrf,search)
Method	POST
Parameter	search
Attack
Evidence
Other Info	User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/utentiList.do?__prevTabKey__=c801c973-a171-40bf-947b-88ccf0fcc06e&resetSearch=yes appears to include user input in: a(n) [input] tag [value] attribute The user input found was: search=ZAP The user-controlled value was: zap
Instances	5
Solution	Validate all input and sanitize output it before writing to any HTML attributes.
Reference	https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html
CWE Id	20
WASC Id	20
Plugin Id	10031

Informational

User Controllable HTML Element Attribute (Potential XSS)

Description

This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.

URL

http://127.0.0.1:8080/govwayConsole/utentiList.do

Node Name

http://127.0.0.1:8080/govwayConsole/utentiList.do ()(_csrf,chkAll,search,selectcheckbox)

Method

POST

Parameter

Attack

Evidence

Other Info

User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/utentiList.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: search=ZAP The user-controlled value was: zap

URL

http://127.0.0.1:8080/govwayConsole/utentiList.do

Node Name

http://127.0.0.1:8080/govwayConsole/utentiList.do ()(_csrf,search)

Method

POST

Parameter

Attack

Evidence

Other Info

URL

http://127.0.0.1:8080/govwayConsole/utentiList.do?__prevTabKey__=2140b34b-ff4c-4b76-95f3-b84a25baf008

Node Name

http://127.0.0.1:8080/govwayConsole/utentiList.do (__prevTabKey__)(_csrf,chkAll,search,selectcheckbox)

Method

POST

Parameter

Attack

Evidence

Other Info

User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/utentiList.do?__prevTabKey__=2140b34b-ff4c-4b76-95f3-b84a25baf008 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: search=ZAP The user-controlled value was: zap

URL

http://127.0.0.1:8080/govwayConsole/utentiList.do?__prevTabKey__=c801c973-a171-40bf-947b-88ccf0fcc06e&resetSearch=yes

Node Name

http://127.0.0.1:8080/govwayConsole/utentiList.do (__prevTabKey__,resetSearch)(_csrf,chkAll,search,selectcheckbox)

Method

POST

Parameter

Attack

Evidence

Other Info

User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/utentiList.do?__prevTabKey__=c801c973-a171-40bf-947b-88ccf0fcc06e&resetSearch=yes appears to include user input in: a(n) [input] tag [value] attribute The user input found was: search=ZAP The user-controlled value was: zap

URL

http://127.0.0.1:8080/govwayConsole/utentiList.do?__prevTabKey__=c801c973-a171-40bf-947b-88ccf0fcc06e&resetSearch=yes

Node Name

http://127.0.0.1:8080/govwayConsole/utentiList.do (__prevTabKey__,resetSearch)(_csrf,search)

Method

POST

Parameter

Attack

Evidence

Other Info

User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/utentiList.do?__prevTabKey__=c801c973-a171-40bf-947b-88ccf0fcc06e&resetSearch=yes appears to include user input in: a(n) [input] tag [value] attribute The user input found was: search=ZAP The user-controlled value was: zap

Instances

Solution

Validate all input and sanitize output it before writing to any HTML attributes.

Reference

https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html

CWE Id

WASC Id

Plugin Id

10031

GovWay Console di Configurazione

Site: http://127.0.0.1:8080/govwayConsole/utentiList.do

Generated on Tue, 24 Feb 2026 05:08:48

ZAP Version: 2.17.0

ZAP by Checkmarx

Summary of Alerts

Alerts

Alert Detail