GovWay Console di Configurazione

Site: http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc

Generated on Tue, 24 Feb 2026 05:14:41

ZAP Version: 2.17.0

Summary of Alerts

Risk Level	Number of Alerts
High	0
Medium	0
Low	0
Informational	1

Risk Level

Number of Alerts

High

Medium

Low

Informational

Alerts

Name	Risk Level	Number of Instances
User Controllable HTML Element Attribute (Potential XSS)	Informational	12

Name

Risk Level

Number of Instances

User Controllable HTML Element Attribute (Potential XSS)

Informational

Alert Detail

Informational	User Controllable HTML Element Attribute (Potential XSS)
Description	This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.

URL	http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc
Node Name	http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do (tipoAccordo)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_2,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_2,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_2,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_2,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_2,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_2,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_2,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_2,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_2,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_2,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_2,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_2,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_2,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_2,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_2,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_2,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_2,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_2,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)
Method	POST
Parameter	filterName_0
Attack
Evidence
Other Info	User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc appears to include user input in: a(n) [input] tag [value] attribute The user input found was: filterName_0=filtroProtocollo The user-controlled value was: filtroprotocollo
URL	http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc
Node Name	http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do (tipoAccordo)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_2,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_2,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_2,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_2,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_2,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_2,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_2,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_2,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_2,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_2,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_2,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_2,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_2,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_2,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_2,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_2,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_2,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_2,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)
Method	POST
Parameter	filterName_1
Attack
Evidence
Other Info	User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc appears to include user input in: a(n) [input] tag [value] attribute The user input found was: filterName_1=filtroServiceBinding The user-controlled value was: filtroservicebinding
URL	http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc
Node Name	http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do (tipoAccordo)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_2,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_2,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_2,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_2,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_2,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_2,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_2,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_2,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_2,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_2,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_2,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_2,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_2,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_2,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_2,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_2,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_2,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_2,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)
Method	POST
Parameter	filterName_2
Attack
Evidence
Other Info	User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc appears to include user input in: a(n) [input] tag [value] attribute The user input found was: filterName_2=filtroGruppo The user-controlled value was: filtrogruppo
URL	http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc
Node Name	http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do (tipoAccordo)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_2,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_2,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_2,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_2,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_2,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_2,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_2,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_2,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_2,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_2,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_2,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_2,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_2,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_2,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_2,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_2,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_2,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_2,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)
Method	POST
Parameter	filterValue_1
Attack
Evidence
Other Info	User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc appears to include user input in: a(n) [option] tag [value] attribute The user input found was: filterValue_1=soap The user-controlled value was: soap
URL	http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc
Node Name	http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do (tipoAccordo)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_2,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_2,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_2,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_2,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_2,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_2,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_2,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_2,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_2,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_2,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_2,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_2,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_2,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_2,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_2,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_2,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_2,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_2,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)
Method	POST
Parameter	filterValue_2
Attack
Evidence
Other Info	User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc appears to include user input in: a(n) [option] tag [value] attribute The user input found was: filterValue_2=AltroTag The user-controlled value was: altrotag
URL	http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc
Node Name	http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do (tipoAccordo)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_2,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_2,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_2,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_2,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_2,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_2,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_2,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_2,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_2,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_2,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_2,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_2,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_2,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_2,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_2,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_2,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_2,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_2,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)
Method	POST
Parameter	search
Attack
Evidence
Other Info	User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc appears to include user input in: a(n) [input] tag [value] attribute The user input found was: search=ZAP The user-controlled value was: zap
URL	http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc
Node Name	http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do (tipoAccordo)(_csrf,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,search)
Method	POST
Parameter	filterName_0
Attack
Evidence
Other Info	User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc appears to include user input in: a(n) [input] tag [value] attribute The user input found was: filterName_0=filtroProtocollo The user-controlled value was: filtroprotocollo
URL	http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc
Node Name	http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do (tipoAccordo)(_csrf,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,search)
Method	POST
Parameter	filterName_1
Attack
Evidence
Other Info	User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc appears to include user input in: a(n) [input] tag [value] attribute The user input found was: filterName_1=filtroServiceBinding The user-controlled value was: filtroservicebinding
URL	http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc
Node Name	http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do (tipoAccordo)(_csrf,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,search)
Method	POST
Parameter	filterName_2
Attack
Evidence
Other Info	User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc appears to include user input in: a(n) [input] tag [value] attribute The user input found was: filterName_2=filtroGruppo The user-controlled value was: filtrogruppo
URL	http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc
Node Name	http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do (tipoAccordo)(_csrf,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,search)
Method	POST
Parameter	filterValue_1
Attack
Evidence
Other Info	User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc appears to include user input in: a(n) [option] tag [value] attribute The user input found was: filterValue_1=soap The user-controlled value was: soap
URL	http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc
Node Name	http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do (tipoAccordo)(_csrf,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,search)
Method	POST
Parameter	filterValue_2
Attack
Evidence
Other Info	User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc appears to include user input in: a(n) [option] tag [value] attribute The user input found was: filterValue_2=AltroTag The user-controlled value was: altrotag
URL	http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc
Node Name	http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do (tipoAccordo)(_csrf,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,search)
Method	POST
Parameter	search
Attack
Evidence
Other Info	User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc appears to include user input in: a(n) [input] tag [value] attribute The user input found was: search=ZAP The user-controlled value was: zap
Instances	12
Solution	Validate all input and sanitize output it before writing to any HTML attributes.
Reference	https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html
CWE Id	20
WASC Id	20
Plugin Id	10031

Informational

User Controllable HTML Element Attribute (Potential XSS)

Description

This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.

URL

http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc

Node Name

http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do (tipoAccordo)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_2,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_2,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_2,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_2,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_2,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_2,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_2,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_2,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_2,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_2,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_2,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_2,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_2,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_2,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_2,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_2,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_2,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_2,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)

Method

POST

Parameter

filterName_0

Attack

Evidence

Other Info

User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc appears to include user input in: a(n) [input] tag [value] attribute The user input found was: filterName_0=filtroProtocollo The user-controlled value was: filtroprotocollo

URL

http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc

Node Name

Method

POST

Parameter

filterName_1

Attack

Evidence

Other Info

User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc appears to include user input in: a(n) [input] tag [value] attribute The user input found was: filterName_1=filtroServiceBinding The user-controlled value was: filtroservicebinding

URL

http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc

Node Name

Method

POST

Parameter

filterName_2

Attack

Evidence

Other Info

User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc appears to include user input in: a(n) [input] tag [value] attribute The user input found was: filterName_2=filtroGruppo The user-controlled value was: filtrogruppo

URL

http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc

Node Name

Method

POST

Parameter

filterValue_1

Attack

Evidence

Other Info

User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc appears to include user input in: a(n) [option] tag [value] attribute The user input found was: filterValue_1=soap The user-controlled value was: soap

URL

http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc

Node Name

Method

POST

Parameter

filterValue_2

Attack

Evidence

Other Info

User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc appears to include user input in: a(n) [option] tag [value] attribute The user input found was: filterValue_2=AltroTag The user-controlled value was: altrotag

URL

http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc

Node Name

Method

POST

Parameter

Attack

Evidence

Other Info

URL

http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc

Node Name

http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do (tipoAccordo)(_csrf,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,search)

Method

POST

Parameter

filterName_0

Attack

Evidence

Other Info

URL

http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc

Node Name

http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do (tipoAccordo)(_csrf,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,search)

Method

POST

Parameter

filterName_1

Attack

Evidence

Other Info

User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc appears to include user input in: a(n) [input] tag [value] attribute The user input found was: filterName_1=filtroServiceBinding The user-controlled value was: filtroservicebinding

URL

http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc

Node Name

http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do (tipoAccordo)(_csrf,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,search)

Method

POST

Parameter

filterName_2

Attack

Evidence

Other Info

User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc appears to include user input in: a(n) [input] tag [value] attribute The user input found was: filterName_2=filtroGruppo The user-controlled value was: filtrogruppo

URL

http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc

Node Name

http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do (tipoAccordo)(_csrf,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,search)

Method

POST

Parameter

filterValue_1

Attack

Evidence

Other Info

User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc appears to include user input in: a(n) [option] tag [value] attribute The user input found was: filterValue_1=soap The user-controlled value was: soap

URL

http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc

Node Name

http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do (tipoAccordo)(_csrf,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,search)

Method

POST

Parameter

filterValue_2

Attack

Evidence

Other Info

User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc appears to include user input in: a(n) [option] tag [value] attribute The user input found was: filterValue_2=AltroTag The user-controlled value was: altrotag

URL

http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc

Node Name

http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do (tipoAccordo)(_csrf,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,search)

Method

POST

Parameter

Attack

Evidence

Other Info

Instances

Solution

Validate all input and sanitize output it before writing to any HTML attributes.

Reference

https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html

CWE Id

WASC Id

Plugin Id

10031

GovWay Console di Configurazione

Site: http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc

Generated on Tue, 24 Feb 2026 05:14:41

ZAP Version: 2.17.0

ZAP by Checkmarx

Summary of Alerts

Alerts

Alert Detail