{
	"@programName": "ZAP",
	"@version": "2.17.0",
	"@generated": "Sat, 11 Apr 2026 17:11:55",
	"created": "2026-04-11T15:11:55.286052522Z",
	"insights":[
		{
			"level": "Info",
			"reason": "Informational",
			"site": "http://127.0.0.1:8080",
			"key": "insight.code.2xx",
			"description": "Percentage of responses with status code 2xx",
			"statistic": "94"
		},
		{
			"level": "Info",
			"reason": "Informational",
			"site": "http://127.0.0.1:8080",
			"key": "insight.code.3xx",
			"description": "Percentage of responses with status code 3xx",
			"statistic": "2"
		},
		{
			"level": "Info",
			"reason": "Informational",
			"site": "http://127.0.0.1:8080",
			"key": "insight.code.5xx",
			"description": "Percentage of responses with status code 5xx",
			"statistic": "3"
		},
		{
			"level": "Info",
			"reason": "Informational",
			"site": "http://127.0.0.1:8080",
			"key": "insight.endpoint.ctype.image/gif",
			"description": "Percentage of endpoints with content type image/gif",
			"statistic": "1"
		},
		{
			"level": "Info",
			"reason": "Informational",
			"site": "http://127.0.0.1:8080",
			"key": "insight.endpoint.ctype.image/png",
			"description": "Percentage of endpoints with content type image/png",
			"statistic": "5"
		},
		{
			"level": "Info",
			"reason": "Informational",
			"site": "http://127.0.0.1:8080",
			"key": "insight.endpoint.ctype.image/x-icon",
			"description": "Percentage of endpoints with content type image/x-icon",
			"statistic": "1"
		},
		{
			"level": "Info",
			"reason": "Informational",
			"site": "http://127.0.0.1:8080",
			"key": "insight.endpoint.ctype.text/css",
			"description": "Percentage of endpoints with content type text/css",
			"statistic": "8"
		},
		{
			"level": "Info",
			"reason": "Informational",
			"site": "http://127.0.0.1:8080",
			"key": "insight.endpoint.ctype.text/html",
			"description": "Percentage of endpoints with content type text/html",
			"statistic": "74"
		},
		{
			"level": "Info",
			"reason": "Informational",
			"site": "http://127.0.0.1:8080",
			"key": "insight.endpoint.ctype.text/javascript",
			"description": "Percentage of endpoints with content type text/javascript",
			"statistic": "8"
		},
		{
			"level": "Info",
			"reason": "Informational",
			"site": "http://127.0.0.1:8080",
			"key": "insight.endpoint.ctype.text/plain",
			"description": "Percentage of endpoints with content type text/plain",
			"statistic": "1"
		},
		{
			"level": "Info",
			"reason": "Informational",
			"site": "http://127.0.0.1:8080",
			"key": "insight.endpoint.method.GET",
			"description": "Percentage of endpoints with method GET",
			"statistic": "58"
		},
		{
			"level": "Info",
			"reason": "Informational",
			"site": "http://127.0.0.1:8080",
			"key": "insight.endpoint.method.POST",
			"description": "Percentage of endpoints with method POST",
			"statistic": "41"
		},
		{
			"level": "Info",
			"reason": "Informational",
			"site": "http://127.0.0.1:8080",
			"key": "insight.endpoint.total",
			"description": "Count of total endpoints",
			"statistic": "159"
		},
		{
			"level": "Info",
			"reason": "Informational",
			"site": "http://127.0.0.1:8080",
			"key": "insight.response.slow",
			"description": "Percentage of slow responses",
			"statistic": "50"
		}
	],
	"site":[ 
		{
			"@name": "http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc",
			"@host": "127.0.0.1",
			"@port": "8080",
			"@ssl": "false",
			"alerts": [ 
				{
					"pluginid": "10031",
					"alertRef": "10031",
					"alert": "User Controllable HTML Element Attribute (Potential XSS)",
					"name": "User Controllable HTML Element Attribute (Potential XSS)",
					"riskcode": "0",
					"confidence": "1",
					"riskdesc": "Informational (Low)",
					"desc": "<p>This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.</p>",
					"instances":[ 
						{
							"id": "72",
							"uri": "http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc",
							"nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/accordiServizioParteComuneApiList.do (tipoAccordo)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_2,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_2,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_2,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_2,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_2,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_2,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_2,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_2,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_2,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_2,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_2,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_2,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_2,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_2,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_2,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_2,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_2,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_2,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)",
							"method": "POST",
							"param": "filterName_1",
							"attack": "",
							"evidence": "",
							"otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_1=filtroServiceBinding\n\nThe user-controlled value was:\nfiltroservicebinding"
						},
						{
							"id": "74",
							"uri": "http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc",
							"nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/accordiServizioParteComuneApiList.do (tipoAccordo)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_2,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_2,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_2,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_2,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_2,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_2,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_2,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_2,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_2,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_2,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_2,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_2,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_2,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_2,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_2,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_2,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_2,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_2,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)",
							"method": "POST",
							"param": "filterName_2",
							"attack": "",
							"evidence": "",
							"otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_2=filtroGruppo\n\nThe user-controlled value was:\nfiltrogruppo"
						},
						{
							"id": "73",
							"uri": "http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc",
							"nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/accordiServizioParteComuneApiList.do (tipoAccordo)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_2,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_2,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_2,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_2,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_2,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_2,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_2,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_2,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_2,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_2,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_2,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_2,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_2,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_2,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_2,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_2,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_2,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_2,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)",
							"method": "POST",
							"param": "filterValue_1",
							"attack": "",
							"evidence": "",
							"otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_1=soap\n\nThe user-controlled value was:\nsoap"
						},
						{
							"id": "75",
							"uri": "http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc",
							"nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/accordiServizioParteComuneApiList.do (tipoAccordo)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_2,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_2,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_2,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_2,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_2,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_2,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_2,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_2,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_2,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_2,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_2,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_2,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_2,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_2,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_2,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_2,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_2,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_2,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)",
							"method": "POST",
							"param": "filterValue_2",
							"attack": "",
							"evidence": "",
							"otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_2=AltroTag\n\nThe user-controlled value was:\naltrotag"
						},
						{
							"id": "76",
							"uri": "http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc",
							"nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/accordiServizioParteComuneApiList.do (tipoAccordo)(__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_2,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_2,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_2,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_2,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_2,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_2,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_2,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_2,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_2,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_2,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_2,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_2,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_2,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_2,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_2,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_2,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_2,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_2,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)",
							"method": "POST",
							"param": "search",
							"attack": "",
							"evidence": "",
							"otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nsearch=ZAP\n\nThe user-controlled value was:\nzap"
						},
						{
							"id": "3021",
							"uri": "http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc",
							"nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/accordiServizioParteComuneApiList.do (tipoAccordo)(_csrf,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,search)",
							"method": "POST",
							"param": "filterName_0",
							"attack": "",
							"evidence": "",
							"otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_0=filtroProtocollo\n\nThe user-controlled value was:\nfiltroprotocollo"
						},
						{
							"id": "3022",
							"uri": "http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc",
							"nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/accordiServizioParteComuneApiList.do (tipoAccordo)(_csrf,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,search)",
							"method": "POST",
							"param": "filterName_1",
							"attack": "",
							"evidence": "",
							"otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_1=filtroServiceBinding\n\nThe user-controlled value was:\nfiltroservicebinding"
						},
						{
							"id": "3024",
							"uri": "http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc",
							"nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/accordiServizioParteComuneApiList.do (tipoAccordo)(_csrf,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,search)",
							"method": "POST",
							"param": "filterName_2",
							"attack": "",
							"evidence": "",
							"otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_2=filtroGruppo\n\nThe user-controlled value was:\nfiltrogruppo"
						},
						{
							"id": "3023",
							"uri": "http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc",
							"nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/accordiServizioParteComuneApiList.do (tipoAccordo)(_csrf,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,search)",
							"method": "POST",
							"param": "filterValue_1",
							"attack": "",
							"evidence": "",
							"otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_1=soap\n\nThe user-controlled value was:\nsoap"
						},
						{
							"id": "3025",
							"uri": "http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc",
							"nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/accordiServizioParteComuneApiList.do (tipoAccordo)(_csrf,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,search)",
							"method": "POST",
							"param": "filterValue_2",
							"attack": "",
							"evidence": "",
							"otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_2=AltroTag\n\nThe user-controlled value was:\naltrotag"
						},
						{
							"id": "3026",
							"uri": "http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc",
							"nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/accordiServizioParteComuneApiList.do (tipoAccordo)(_csrf,filterName_0,filterName_1,filterName_2,filterValue_1,filterValue_2,search)",
							"method": "POST",
							"param": "search",
							"attack": "",
							"evidence": "",
							"otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nsearch=ZAP\n\nThe user-controlled value was:\nzap"
						},
						{
							"id": "2066",
							"uri": "http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc",
							"nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/accordiServizioParteComuneApiList.do (tipoAccordo)(_csrf,filterName_0,filterName_1,filterValue_0,filterValue_1,search)",
							"method": "POST",
							"param": "filterName_0",
							"attack": "",
							"evidence": "",
							"otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_0=filtroServiceBinding\n\nThe user-controlled value was:\nfiltroservicebinding"
						},
						{
							"id": "2072",
							"uri": "http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc",
							"nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/accordiServizioParteComuneApiList.do (tipoAccordo)(_csrf,filterName_0,filterName_1,filterValue_0,filterValue_1,search)",
							"method": "POST",
							"param": "filterName_1",
							"attack": "",
							"evidence": "",
							"otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_1=filtroGruppo\n\nThe user-controlled value was:\nfiltrogruppo"
						},
						{
							"id": "2069",
							"uri": "http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc",
							"nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/accordiServizioParteComuneApiList.do (tipoAccordo)(_csrf,filterName_0,filterName_1,filterValue_0,filterValue_1,search)",
							"method": "POST",
							"param": "filterValue_0",
							"attack": "",
							"evidence": "",
							"otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_0=soap\n\nThe user-controlled value was:\nsoap"
						},
						{
							"id": "2075",
							"uri": "http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc",
							"nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/accordiServizioParteComuneApiList.do (tipoAccordo)(_csrf,filterName_0,filterName_1,filterValue_0,filterValue_1,search)",
							"method": "POST",
							"param": "filterValue_1",
							"attack": "",
							"evidence": "",
							"otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_1=AltroTag\n\nThe user-controlled value was:\naltrotag"
						},
						{
							"id": "2078",
							"uri": "http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc",
							"nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/accordiServizioParteComuneApiList.do (tipoAccordo)(_csrf,filterName_0,filterName_1,filterValue_0,filterValue_1,search)",
							"method": "POST",
							"param": "search",
							"attack": "",
							"evidence": "",
							"otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nsearch=ZAP\n\nThe user-controlled value was:\nzap"
						}
					],
					"count": "16",
					"systemic": false,
					"solution": "<p>Validate all input and sanitize output it before writing to any HTML attributes.</p>",
					"otherinfo": "<p>User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:</p><p></p><p>http://127.0.0.1:8080/govwayConsole/accordiServizioParteComuneApiList.do?tipoAccordo=apc</p><p></p><p>appears to include user input in:</p><p>a(n) [input] tag [value] attribute</p><p></p><p>The user input found was:</p><p>filterName_1=filtroServiceBinding</p><p></p><p>The user-controlled value was:</p><p>filtroservicebinding</p>",
					"reference": "<p>https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html</p>",
					"cweid": "20",
					"wascid": "20",
					"sourceid": "174"
				}
			]
		}
	],
	"sequences":[
	]

}