10031 10031 User Controllable HTML Element Attribute (Potential XSS) User Controllable HTML Element Attribute (Potential XSS) 0 1 Informational (Low) Low <p>This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.</p> http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch) GET _tabKey_infoType User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes appears to include user input in: a(n) [a] tag [title] attribute The user input found was: _tabKey_infoType=token The user-controlled value was: token policy http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_4,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_4,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_4,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_4,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_4,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_4,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_4,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9) POST filterName_0 User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: filterName_0=filtroTipoTokenPolicy The user-controlled value was: filtrotipotokenpolicy http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_4,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_4,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_4,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_4,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_4,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_4,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_4,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9) POST filterValue_0 User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do appears to include user input in: a(n) [option] tag [value] attribute The user input found was: filterValue_0=retrieveToken The user-controlled value was: retrievetoken http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_4,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_4,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_4,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_4,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_4,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_4,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_4,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9) POST search User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: search=ZAP The user-controlled value was: zap http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_4,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_4,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_4,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_4,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_4,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_4,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_4,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9) POST url_entry_8 User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: url_entry_8=configurazionePolicyGestioneTokenChange.do?_tabKey_infoType=&idPolicy=2 The user-controlled value was: configurazionepolicygestionetokenchange.do?_tabkey_infotype=&idpolicy=281 http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1) POST __i_hidden_title_iconUso_0_0 User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: __i_hidden_title_iconUso_0_0=informazioniUtilizzoOggettoRegistro?idOggetto=281&tipoOggetto=TOKEN_POLICY&tipoRisposta=text The user-controlled value was: informazioniutilizzooggettoregistro?idoggetto=281&tipooggetto=token_policy&tiporisposta=text http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1) POST __i_hidden_title_iconUso_0_4 User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: __i_hidden_title_iconUso_0_4=proprietaOggettoRegistro?idOggetto=281&tipoOggetto=TOKEN_POLICY&tipoRisposta=text The user-controlled value was: proprietaoggettoregistro?idoggetto=281&tipooggetto=token_policy&tiporisposta=text http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1) POST __i_hidden_title_iconUso_1_0 User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: __i_hidden_title_iconUso_1_0=informazioniUtilizzoOggettoRegistro?idOggetto=282&tipoOggetto=TOKEN_POLICY&tipoRisposta=text The user-controlled value was: informazioniutilizzooggettoregistro?idoggetto=282&tipooggetto=token_policy&tiporisposta=text http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1) POST __i_hidden_title_iconUso_1_4 User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: __i_hidden_title_iconUso_1_4=proprietaOggettoRegistro?idOggetto=282&tipoOggetto=TOKEN_POLICY&tipoRisposta=text The user-controlled value was: proprietaoggettoregistro?idoggetto=282&tipooggetto=token_policy&tiporisposta=text http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1) POST filterName_0 User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: filterName_0=filtroTipoTokenPolicy The user-controlled value was: filtrotipotokenpolicy http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1) POST filterValue_0 User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do appears to include user input in: a(n) [option] tag [value] attribute The user input found was: filterValue_0=retrieveToken The user-controlled value was: retrievetoken http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1) POST search User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: search=ZAP The user-controlled value was: zap http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1) POST selectcheckbox User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: selectcheckbox=281 The user-controlled value was: 281 http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1) POST url_entry_0 User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: url_entry_0=configurazionePolicyGestioneTokenChange.do?_tabKey_infoType=&idPolicy=281 The user-controlled value was: configurazionepolicygestionetokenchange.do?_tabkey_infotype=&idpolicy=281 http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do ()(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1) POST url_entry_1 User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do appears to include user input in: a(n) [input] tag [value] attribute The user input found was: url_entry_1=configurazionePolicyGestioneTokenChange.do?_tabKey_infoType=&idPolicy=282 The user-controlled value was: configurazionepolicygestionetokenchange.do?_tabkey_infotype=&idpolicy=282 http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_4,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_4,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_4,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_4,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_4,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_4,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_4,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9) POST _tabKey_infoType User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes appears to include user input in: a(n) [a] tag [title] attribute The user input found was: _tabKey_infoType=token The user-controlled value was: token policy http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_4,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_4,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_4,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_4,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_4,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_4,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_4,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9) POST filterName_0 User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes appears to include user input in: a(n) [input] tag [value] attribute The user input found was: filterName_0=filtroTipoTokenPolicy The user-controlled value was: filtrotipotokenpolicy http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_4,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_4,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_4,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_4,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_4,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_4,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_4,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9) POST filterValue_0 User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes appears to include user input in: a(n) [option] tag [value] attribute The user input found was: filterValue_0=retrieveToken The user-controlled value was: retrievetoken http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_4,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_4,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_4,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_4,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_4,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_4,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_4,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9) POST search User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes appears to include user input in: a(n) [input] tag [value] attribute The user input found was: search=ZAP The user-controlled value was: zap http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_4,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_4,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_4,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_4,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_4,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_4,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_4,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9) POST url_entry_8 User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes appears to include user input in: a(n) [input] tag [value] attribute The user input found was: url_entry_8=configurazionePolicyGestioneTokenChange.do?_tabKey_infoType=token&idPolicy=2 The user-controlled value was: configurazionepolicygestionetokenchange.do?_tabkey_infotype=token&idpolicy=281 http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1) POST __i_hidden_title_iconUso_0_0 User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes appears to include user input in: a(n) [input] tag [value] attribute The user input found was: __i_hidden_title_iconUso_0_0=informazioniUtilizzoOggettoRegistro?idOggetto=281&tipoOggetto=TOKEN_POLICY&tipoRisposta=text The user-controlled value was: informazioniutilizzooggettoregistro?idoggetto=281&tipooggetto=token_policy&tiporisposta=text http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1) POST __i_hidden_title_iconUso_0_4 User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes appears to include user input in: a(n) [input] tag [value] attribute The user input found was: __i_hidden_title_iconUso_0_4=proprietaOggettoRegistro?idOggetto=281&tipoOggetto=TOKEN_POLICY&tipoRisposta=text The user-controlled value was: proprietaoggettoregistro?idoggetto=281&tipooggetto=token_policy&tiporisposta=text http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1) POST __i_hidden_title_iconUso_1_0 User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes appears to include user input in: a(n) [input] tag [value] attribute The user input found was: __i_hidden_title_iconUso_1_0=informazioniUtilizzoOggettoRegistro?idOggetto=282&tipoOggetto=TOKEN_POLICY&tipoRisposta=text The user-controlled value was: informazioniutilizzooggettoregistro?idoggetto=282&tipooggetto=token_policy&tiporisposta=text http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1) POST __i_hidden_title_iconUso_1_4 User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes appears to include user input in: a(n) [input] tag [value] attribute The user input found was: __i_hidden_title_iconUso_1_4=proprietaOggettoRegistro?idOggetto=282&tipoOggetto=TOKEN_POLICY&tipoRisposta=text The user-controlled value was: proprietaoggettoregistro?idoggetto=282&tipooggetto=token_policy&tiporisposta=text http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1) POST _tabKey_infoType User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes appears to include user input in: a(n) [a] tag [title] attribute The user input found was: _tabKey_infoType=token The user-controlled value was: token policy http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1) POST filterName_0 User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes appears to include user input in: a(n) [input] tag [value] attribute The user input found was: filterName_0=filtroTipoTokenPolicy The user-controlled value was: filtrotipotokenpolicy http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1) POST filterValue_0 User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes appears to include user input in: a(n) [option] tag [value] attribute The user input found was: filterValue_0=retrieveToken The user-controlled value was: retrievetoken http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1) POST search User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes appears to include user input in: a(n) [input] tag [value] attribute The user input found was: search=ZAP The user-controlled value was: zap http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1) POST selectcheckbox User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes appears to include user input in: a(n) [input] tag [value] attribute The user input found was: selectcheckbox=281 The user-controlled value was: 281 http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1) POST url_entry_0 User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes appears to include user input in: a(n) [input] tag [value] attribute The user input found was: url_entry_0=configurazionePolicyGestioneTokenChange.do?_tabKey_infoType=token&idPolicy=281 The user-controlled value was: configurazionepolicygestionetokenchange.do?_tabkey_infotype=token&idpolicy=281 http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do (__prevTabKey__,_tabKey_infoType,resetSearch)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_4,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_4,_csrf,be_name_0,chkAll,filterName_0,filterValue_0,search,selectcheckbox,url_entry_0,url_entry_1) POST url_entry_1 User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes appears to include user input in: a(n) [input] tag [value] attribute The user input found was: url_entry_1=configurazionePolicyGestioneTokenChange.do?_tabKey_infoType=token&idPolicy=282 The user-controlled value was: configurazionepolicygestionetokenchange.do?_tabkey_infotype=token&idpolicy=282 31 false <p>Validate all input and sanitize output it before writing to any HTML attributes.</p> <p>User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:</p><p></p><p>http://127.0.0.1:8080/govwayConsole/configurazionePolicyGestioneTokenList.do?__prevTabKey__=146be88d-b935-4670-bb27-9a92e81f6133&_tabKey_infoType=token&resetSearch=yes</p><p></p><p>appears to include user input in:</p><p>a(n) [a] tag [title] attribute</p><p></p><p>The user input found was:</p><p>_tabKey_infoType=token</p><p></p><p>The user-controlled value was:</p><p>token policy</p> <p>https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html</p> 20 20 106 Info Informational http://127.0.0.1:8080 insight.code.2xx Percentage of responses with status code 2xx 94 Info Informational http://127.0.0.1:8080 insight.code.3xx Percentage of responses with status code 3xx 2 Info Informational http://127.0.0.1:8080 insight.code.5xx Percentage of responses with status code 5xx 3 Info Informational http://127.0.0.1:8080 insight.endpoint.ctype.application/zip Percentage of endpoints with content type application/zip 1 Info Informational http://127.0.0.1:8080 insight.endpoint.ctype.image/gif Percentage of endpoints with content type image/gif 1 Info Informational http://127.0.0.1:8080 insight.endpoint.ctype.image/png Percentage of endpoints with content type image/png 5 Info Informational http://127.0.0.1:8080 insight.endpoint.ctype.image/x-icon Percentage of endpoints with content type image/x-icon 1 Info Informational http://127.0.0.1:8080 insight.endpoint.ctype.text/css Percentage of endpoints with content type text/css 8 Info Informational http://127.0.0.1:8080 insight.endpoint.ctype.text/html Percentage of endpoints with content type text/html 74 Info Informational http://127.0.0.1:8080 insight.endpoint.ctype.text/javascript Percentage of endpoints with content type text/javascript 8 Info Informational http://127.0.0.1:8080 insight.endpoint.ctype.text/plain Percentage of endpoints with content type text/plain 1 Info Informational http://127.0.0.1:8080 insight.endpoint.method.GET Percentage of endpoints with method GET 59 Info Informational http://127.0.0.1:8080 insight.endpoint.method.POST Percentage of endpoints with method POST 40 Info Informational http://127.0.0.1:8080 insight.endpoint.total Count of total endpoints 159 Info Informational http://127.0.0.1:8080 insight.response.slow Percentage of slow responses 33