{ "@programName": "ZAP", "@version": "2.17.0", "@generated": "Sat, 11 Apr 2026 17:06:46", "created": "2026-04-11T15:06:46.679098612Z", "insights":[ { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.code.2xx", "description": "Percentage of responses with status code 2xx", "statistic": "94" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.code.3xx", "description": "Percentage of responses with status code 3xx", "statistic": "2" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.code.5xx", "description": "Percentage of responses with status code 5xx", "statistic": "3" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.application/zip", "description": "Percentage of endpoints with content type application/zip", "statistic": "1" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.image/gif", "description": "Percentage of endpoints with content type image/gif", "statistic": "1" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.image/png", "description": "Percentage of endpoints with content type image/png", "statistic": "5" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.image/x-icon", "description": "Percentage of endpoints with content type image/x-icon", "statistic": "1" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.text/css", "description": "Percentage of endpoints with content type text/css", "statistic": "8" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.text/html", "description": "Percentage of endpoints with content type text/html", "statistic": "74" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.text/javascript", "description": "Percentage of endpoints with content type text/javascript", "statistic": "8" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.text/plain", "description": "Percentage of endpoints with content type text/plain", "statistic": "1" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.method.GET", "description": "Percentage of endpoints with method GET", "statistic": "59" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.method.POST", "description": "Percentage of endpoints with method POST", "statistic": "40" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.total", "description": "Count of total endpoints", "statistic": "159" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.response.slow", "description": "Percentage of slow responses", "statistic": "33" } ], "site":[ { "@name": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do", "@host": "127.0.0.1", "@port": "8080", "@ssl": "false", "alerts": [ { "pluginid": "10031", "alertRef": "10031", "alert": "User Controllable HTML Element Attribute (Potential XSS)", "name": "User Controllable HTML Element Attribute (Potential XSS)", "riskcode": "0", "confidence": "1", "riskdesc": "Informational (Low)", "desc": "

This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.

", "instances":[ { "id": "47", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)", "method": "GET", "param": "_tabKey_infoType", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes\n\nappears to include user input in:\na(n) [a] tag [title] attribute\n\nThe user input found was:\n_tabKey_infoType=token\n\nThe user-controlled value was:\ntoken policy" }, { "id": "72", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_4,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_4,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_4,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_4,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_4,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_4,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_4,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_0", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_0=filtroTipoTokenPolicy\n\nThe user-controlled value was:\nfiltrotipotokenpolicy" }, { "id": "73", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_4,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_4,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_4,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_4,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_4,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_4,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_4,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterValue_0", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_0=retrieveToken\n\nThe user-controlled value was:\nretrievetoken" }, { "id": "74", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_4,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_4,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_4,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_4,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_4,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_4,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_4,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "search", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nsearch=ZAP\n\nThe user-controlled value was:\nzap" }, { "id": "75", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_4,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_4,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_4,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_4,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_4,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_4,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_4,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "url_entry_8", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nurl_entry_8=configurazionePolicyGestioneTokenChange.do?_tabKey_infoType=&idPolicy=2\n\nThe user-controlled value was:\nconfigurazionepolicygestionetokenchange.do?_tabkey_infotype=&idpolicy=281" }, { "id": "2205", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1)", "method": "POST", "param": "__i_hidden_title_iconUso_0_0", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\n__i_hidden_title_iconUso_0_0=informazioniUtilizzoOggettoRegistro?idOggetto=281&tipoOggetto=TOKEN_POLICY&tipoRisposta=text\n\nThe user-controlled value was:\ninformazioniutilizzooggettoregistro?idoggetto=281&tipooggetto=token_policy&tiporisposta=text" }, { "id": "2209", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1)", "method": "POST", "param": "__i_hidden_title_iconUso_0_4", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\n__i_hidden_title_iconUso_0_4=proprietaOggettoRegistro?idOggetto=281&tipoOggetto=TOKEN_POLICY&tipoRisposta=text\n\nThe user-controlled value was:\nproprietaoggettoregistro?idoggetto=281&tipooggetto=token_policy&tiporisposta=text" }, { "id": "2217", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1)", "method": "POST", "param": "__i_hidden_title_iconUso_1_0", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\n__i_hidden_title_iconUso_1_0=informazioniUtilizzoOggettoRegistro?idOggetto=282&tipoOggetto=TOKEN_POLICY&tipoRisposta=text\n\nThe user-controlled value was:\ninformazioniutilizzooggettoregistro?idoggetto=282&tipooggetto=token_policy&tiporisposta=text" }, { "id": "2221", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1)", "method": "POST", "param": "__i_hidden_title_iconUso_1_4", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\n__i_hidden_title_iconUso_1_4=proprietaOggettoRegistro?idOggetto=282&tipoOggetto=TOKEN_POLICY&tipoRisposta=text\n\nThe user-controlled value was:\nproprietaoggettoregistro?idoggetto=282&tipooggetto=token_policy&tiporisposta=text" }, { "id": "2187", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1)", "method": "POST", "param": "filterName_0", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_0=filtroTipoTokenPolicy\n\nThe user-controlled value was:\nfiltrotipotokenpolicy" }, { "id": "2188", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1)", "method": "POST", "param": "filterValue_0", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_0=retrieveToken\n\nThe user-controlled value was:\nretrievetoken" }, { "id": "2189", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1)", "method": "POST", "param": "search", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nsearch=ZAP\n\nThe user-controlled value was:\nzap" }, { "id": "2194", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1)", "method": "POST", "param": "selectcheckbox", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nselectcheckbox=281\n\nThe user-controlled value was:\n281" }, { "id": "2196", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1)", "method": "POST", "param": "url_entry_0", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nurl_entry_0=configurazionePolicyGestioneTokenChange.do?_tabKey_infoType=&idPolicy=281\n\nThe user-controlled value was:\nconfigurazionepolicygestionetokenchange.do?_tabkey_infotype=&idpolicy=281" }, { "id": "2213", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1)", "method": "POST", "param": "url_entry_1", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nurl_entry_1=configurazionePolicyGestioneTokenChange.do?_tabKey_infoType=&idPolicy=282\n\nThe user-controlled value was:\nconfigurazionepolicygestionetokenchange.do?_tabkey_infotype=&idpolicy=282" }, { "id": "1951", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_4,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_4,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_4,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_4,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_4,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_4,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_4,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "_tabKey_infoType", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes\n\nappears to include user input in:\na(n) [a] tag [title] attribute\n\nThe user input found was:\n_tabKey_infoType=token\n\nThe user-controlled value was:\ntoken policy" }, { "id": "1952", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_4,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_4,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_4,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_4,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_4,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_4,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_4,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_0", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_0=filtroTipoTokenPolicy\n\nThe user-controlled value was:\nfiltrotipotokenpolicy" }, { "id": "1953", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_4,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_4,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_4,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_4,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_4,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_4,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_4,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterValue_0", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_0=retrieveToken\n\nThe user-controlled value was:\nretrievetoken" }, { "id": "1954", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_4,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_4,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_4,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_4,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_4,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_4,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_4,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "search", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nsearch=ZAP\n\nThe user-controlled value was:\nzap" }, { "id": "1955", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_4,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_4,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_4,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_4,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_4,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_4,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_4,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "url_entry_8", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nurl_entry_8=configurazionePolicyGestioneTokenChange.do?_tabKey_infoType=token&idPolicy=2\n\nThe user-controlled value was:\nconfigurazionepolicygestionetokenchange.do?_tabkey_infotype=token&idpolicy=281" }, { "id": "3617", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1)", "method": "POST", "param": "__i_hidden_title_iconUso_0_0", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\n__i_hidden_title_iconUso_0_0=informazioniUtilizzoOggettoRegistro?idOggetto=281&tipoOggetto=TOKEN_POLICY&tipoRisposta=text\n\nThe user-controlled value was:\ninformazioniutilizzooggettoregistro?idoggetto=281&tipooggetto=token_policy&tiporisposta=text" }, { "id": "3620", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1)", "method": "POST", "param": "__i_hidden_title_iconUso_0_4", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\n__i_hidden_title_iconUso_0_4=proprietaOggettoRegistro?idOggetto=281&tipoOggetto=TOKEN_POLICY&tipoRisposta=text\n\nThe user-controlled value was:\nproprietaoggettoregistro?idoggetto=281&tipooggetto=token_policy&tiporisposta=text" }, { "id": "3624", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1)", "method": "POST", "param": "__i_hidden_title_iconUso_1_0", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\n__i_hidden_title_iconUso_1_0=informazioniUtilizzoOggettoRegistro?idOggetto=282&tipoOggetto=TOKEN_POLICY&tipoRisposta=text\n\nThe user-controlled value was:\ninformazioniutilizzooggettoregistro?idoggetto=282&tipooggetto=token_policy&tiporisposta=text" }, { "id": "3626", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1)", "method": "POST", "param": "__i_hidden_title_iconUso_1_4", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\n__i_hidden_title_iconUso_1_4=proprietaOggettoRegistro?idOggetto=282&tipoOggetto=TOKEN_POLICY&tipoRisposta=text\n\nThe user-controlled value was:\nproprietaoggettoregistro?idoggetto=282&tipooggetto=token_policy&tiporisposta=text" }, { "id": "3605", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1)", "method": "POST", "param": "_tabKey_infoType", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes\n\nappears to include user input in:\na(n) [a] tag [title] attribute\n\nThe user input found was:\n_tabKey_infoType=token\n\nThe user-controlled value was:\ntoken policy" }, { "id": "3607", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1)", "method": "POST", "param": "filterName_0", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_0=filtroTipoTokenPolicy\n\nThe user-controlled value was:\nfiltrotipotokenpolicy" }, { "id": "3609", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1)", "method": "POST", "param": "filterValue_0", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_0=retrieveToken\n\nThe user-controlled value was:\nretrievetoken" }, { "id": "3611", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1)", "method": "POST", "param": "search", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nsearch=ZAP\n\nThe user-controlled value was:\nzap" }, { "id": "3613", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1)", "method": "POST", "param": "selectcheckbox", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nselectcheckbox=281\n\nThe user-controlled value was:\n281" }, { "id": "3615", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1)", "method": "POST", "param": "url_entry_0", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nurl_entry_0=configurazionePolicyGestioneTokenChange.do?_tabKey_infoType=token&idPolicy=281\n\nThe user-controlled value was:\nconfigurazionepolicygestionetokenchange.do?_tabkey_infotype=token&idpolicy=281" }, { "id": "3622", "uri": "http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1)", "method": "POST", "param": "url_entry_1", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nurl_entry_1=configurazionePolicyGestioneTokenChange.do?_tabKey_infoType=token&idPolicy=282\n\nThe user-controlled value was:\nconfigurazionepolicygestionetokenchange.do?_tabkey_infotype=token&idpolicy=282" } ], "count": "31", "systemic": false, "solution": "

Validate all input and sanitize output it before writing to any HTML attributes.

", "otherinfo": "

User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:

http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes

appears to include user input in:

a(n) [a] tag [title] attribute

The user input found was:

_tabKey_infoType=token

The user-controlled value was:

token policy

", "reference": "

https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html

", "cweid": "20", "wascid": "20", "sourceid": "106" } ] } ], "sequences":[ ] }