{ "@programName": "ZAP", "@version": "2.17.0", "@generated": "Sat, 11 Apr 2026 17:16:14", "created": "2026-04-11T15:16:14.658349338Z", "insights":[ { "level": "Info", "reason": "Informational", "site": "", "key": "insight.network.failure", "description": "Percentage of network failures", "statistic": "1" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.code.2xx", "description": "Percentage of responses with status code 2xx", "statistic": "64" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.code.3xx", "description": "Percentage of responses with status code 3xx", "statistic": "14" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.code.4xx", "description": "Percentage of responses with status code 4xx", "statistic": "19" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.code.5xx", "description": "Percentage of responses with status code 5xx", "statistic": "2" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.image/gif", "description": "Percentage of endpoints with content type image/gif", "statistic": "1" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.image/png", "description": "Percentage of endpoints with content type image/png", "statistic": "3" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.image/x-icon", "description": "Percentage of endpoints with content type image/x-icon", "statistic": "1" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.text/css", "description": "Percentage of endpoints with content type text/css", "statistic": "6" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.text/html", "description": "Percentage of endpoints with content type text/html", "statistic": "73" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.text/javascript", "description": "Percentage of endpoints with content type text/javascript", "statistic": "6" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.ctype.text/plain", "description": "Percentage of endpoints with content type text/plain", "statistic": "1" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.method.GET", "description": "Percentage of endpoints with method GET", "statistic": "64" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.method.POST", "description": "Percentage of endpoints with method POST", "statistic": "35" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.endpoint.total", "description": "Count of total endpoints", "statistic": "203" }, { "level": "Info", "reason": "Informational", "site": "http://127.0.0.1:8080", "key": "insight.response.slow", "description": "Percentage of slow responses", "statistic": "27" } ], "site":[ { "@name": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "@host": "127.0.0.1", "@port": "8080", "@ssl": "false", "alerts": [ { "pluginid": "10031", "alertRef": "10031", "alert": "User Controllable HTML Element Attribute (Potential XSS)", "name": "User Controllable HTML Element Attribute (Potential XSS)", "riskcode": "0", "confidence": "1", "riskdesc": "Informational (Low)", "desc": "

This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.

", "instances":[ { "id": "12114", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_2,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_2,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_2,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_2,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_2,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_2,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_2,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_2,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_2,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_2,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_2,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_2,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_2,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_2,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_2,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_2,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_2,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_2,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "__fake__search__", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [td] tag [id] attribute\n\nThe user input found was:\n__fake__search__=search\n\nThe user-controlled value was:\nsearchformheader" }, { "id": "12116", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_2,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_2,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_2,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_2,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_2,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_2,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_2,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_2,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_2,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_2,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_2,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_2,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_2,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_2,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_2,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_2,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_2,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_2,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_0", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_0=filtroProtocollo\n\nThe user-controlled value was:\nfiltroprotocollo" }, { "id": "12123", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_2,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_2,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_2,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_2,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_2,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_2,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_2,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_2,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_2,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_2,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_2,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_2,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_2,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_2,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_2,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_2,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_2,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_2,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_1", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_1=filtroTipoSA\n\nThe user-controlled value was:\nfiltrotiposa" }, { "id": "12133", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_2,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_2,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_2,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_2,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_2,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_2,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_2,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_2,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_2,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_2,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_2,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_2,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_2,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_2,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_2,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_2,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_2,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_2,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_2", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_2=filtroTipoCredenziali\n\nThe user-controlled value was:\nfiltrotipocredenziali" }, { "id": "12141", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_2,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_2,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_2,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_2,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_2,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_2,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_2,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_2,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_2,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_2,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_2,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_2,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_2,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_2,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_2,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_2,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_2,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_2,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_3", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_3=filtroRuolo\n\nThe user-controlled value was:\nfiltroruolo" }, { "id": "12149", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_2,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_2,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_2,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_2,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_2,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_2,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_2,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_2,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_2,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_2,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_2,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_2,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_2,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_2,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_2,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_2,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_2,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_2,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_4", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_4=filtroGruppo\n\nThe user-controlled value was:\nfiltrogruppo" }, { "id": "12156", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_2,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_2,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_2,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_2,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_2,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_2,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_2,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_2,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_2,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_2,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_2,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_2,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_2,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_2,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_2,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_2,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_2,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_2,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_5", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_5=filtroApiContesto\n\nThe user-controlled value was:\nfiltroapicontesto" }, { "id": "12185", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_2,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_2,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_2,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_2,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_2,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_2,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_2,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_2,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_2,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_2,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_2,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_2,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_2,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_2,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_2,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_2,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_2,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_2,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_6", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_6=subtDatiProp\n\nThe user-controlled value was:\nsubtdatiprop" }, { "id": "12191", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_2,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_2,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_2,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_2,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_2,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_2,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_2,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_2,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_2,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_2,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_2,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_2,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_2,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_2,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_2,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_2,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_2,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_2,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_7", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_7=filtroPropNome\n\nThe user-controlled value was:\nfiltropropnome" }, { "id": "12205", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_2,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_2,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_2,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_2,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_2,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_2,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_2,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_2,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_2,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_2,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_2,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_2,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_2,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_2,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_2,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_2,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_2,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_2,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_8", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_8=filtroPropValore\n\nThe user-controlled value was:\nfiltropropvalore" }, { "id": "12142", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_2,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_2,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_2,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_2,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_2,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_2,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_2,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_2,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_2,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_2,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_2,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_2,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_2,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_2,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_2,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_2,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_2,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_2,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterValue_3", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_3=ModIRuolo1FonteQualsiasi\n\nThe user-controlled value was:\nmodiruolo1fontequalsiasi" }, { "id": "12197", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_2,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_2,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_2,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_2,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_2,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_2,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_2,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_2,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_2,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_2,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_2,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_2,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_2,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_2,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_2,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_2,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_2,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_2,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterValue_7", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_7=authzContenutiTest\n\nThe user-controlled value was:\nauthzcontenutitest" }, { "id": "12172", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_2,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_2,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_2,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_2,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_2,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_2,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_2,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_2,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_2,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_2,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_2,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_2,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_2,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_2,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_2,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_2,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_2,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_2,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterValue_8", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterValue_8=ZAP\n\nThe user-controlled value was:\nzap" }, { "id": "12180", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_2,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_2,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_2,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_2,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_2,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_2,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_2,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_2,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_2,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_2,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_2,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_2,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_2,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_2,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_2,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_2,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_2,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_2,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "search", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nsearch=ZAP\n\nThe user-controlled value was:\nzap" }, { "id": "13248", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "__fake__search__", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [td] tag [id] attribute\n\nThe user input found was:\n__fake__search__=search\n\nThe user-controlled value was:\nsearchformheader" }, { "id": "13250", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "filterName_0", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_0=filtroProtocollo\n\nThe user-controlled value was:\nfiltroprotocollo" }, { "id": "13251", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "filterName_1", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_1=filtroTipoSA\n\nThe user-controlled value was:\nfiltrotiposa" }, { "id": "13252", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "filterName_2", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_2=filtroTipoCredenziali\n\nThe user-controlled value was:\nfiltrotipocredenziali" }, { "id": "13253", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "filterName_3", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_3=filtroRuolo\n\nThe user-controlled value was:\nfiltroruolo" }, { "id": "13255", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "filterName_4", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_4=filtroGruppo\n\nThe user-controlled value was:\nfiltrogruppo" }, { "id": "13256", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "filterName_5", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_5=filtroApiContesto\n\nThe user-controlled value was:\nfiltroapicontesto" }, { "id": "13263", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "filterName_6", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_6=subtDatiProp\n\nThe user-controlled value was:\nsubtdatiprop" }, { "id": "13264", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "filterName_7", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_7=filtroPropNome\n\nThe user-controlled value was:\nfiltropropnome" }, { "id": "13266", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "filterName_8", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_8=filtroPropValore\n\nThe user-controlled value was:\nfiltropropvalore" }, { "id": "13254", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "filterValue_3", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_3=ModIRuolo1FonteQualsiasi\n\nThe user-controlled value was:\nmodiruolo1fontequalsiasi" }, { "id": "13265", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "filterValue_7", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_7=authzContenutiTest\n\nThe user-controlled value was:\nauthzcontenutitest" }, { "id": "13261", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "filterValue_8", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterValue_8=ZAP\n\nThe user-controlled value was:\nzap" }, { "id": "13262", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do ()(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "search", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nsearch=ZAP\n\nThe user-controlled value was:\nzap" }, { "id": "113", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_11,filterValue_12,filterValue_3,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "__fake__search__", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [td] tag [id] attribute\n\nThe user input found was:\n__fake__search__=search\n\nThe user-controlled value was:\nsearchformheader" }, { "id": "115", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_11,filterValue_12,filterValue_3,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_0", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_0=filtroProtocollo\n\nThe user-controlled value was:\nfiltroprotocollo" }, { "id": "116", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_11,filterValue_12,filterValue_3,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_1", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_1=filtroTipoSA\n\nThe user-controlled value was:\nfiltrotiposa" }, { "id": "129", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_11,filterValue_12,filterValue_3,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_10", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_10=subtDatiProp\n\nThe user-controlled value was:\nsubtdatiprop" }, { "id": "130", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_11,filterValue_12,filterValue_3,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_11", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_11=filtroPropNome\n\nThe user-controlled value was:\nfiltropropnome" }, { "id": "132", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_11,filterValue_12,filterValue_3,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_12", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_12=filtroPropValore\n\nThe user-controlled value was:\nfiltropropvalore" }, { "id": "117", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_11,filterValue_12,filterValue_3,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_2", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_2=filtroTipoCredenziali\n\nThe user-controlled value was:\nfiltrotipocredenziali" }, { "id": "118", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_11,filterValue_12,filterValue_3,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_3", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_3=filtroRuolo\n\nThe user-controlled value was:\nfiltroruolo" }, { "id": "120", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_11,filterValue_12,filterValue_3,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_4", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_4=filtroGruppo\n\nThe user-controlled value was:\nfiltrogruppo" }, { "id": "121", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_11,filterValue_12,filterValue_3,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterName_5", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_5=filtroApiContesto\n\nThe user-controlled value was:\nfiltroapicontesto" }, { "id": "131", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_11,filterValue_12,filterValue_3,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterValue_11", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_11=authzContenutiTest\n\nThe user-controlled value was:\nauthzcontenutitest" }, { "id": "126", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_11,filterValue_12,filterValue_3,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterValue_12", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterValue_12=ZAP\n\nThe user-controlled value was:\nzap" }, { "id": "119", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_11,filterValue_12,filterValue_3,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterValue_3", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_3=ModIRuolo1FonteQualsiasi\n\nThe user-controlled value was:\nmodiruolo1fontequalsiasi" }, { "id": "127", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_11,filterValue_12,filterValue_3,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "filterValue_9", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterValue_9=ZAP\n\nThe user-controlled value was:\nzap" }, { "id": "128", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,__i_hidden_title_iconUso_0_0,__i_hidden_title_iconUso_0_2,__i_hidden_title_iconUso_10_0,__i_hidden_title_iconUso_10_3,__i_hidden_title_iconUso_11_0,__i_hidden_title_iconUso_11_3,__i_hidden_title_iconUso_12_0,__i_hidden_title_iconUso_12_3,__i_hidden_title_iconUso_13_0,__i_hidden_title_iconUso_13_3,__i_hidden_title_iconUso_14_0,__i_hidden_title_iconUso_14_3,__i_hidden_title_iconUso_15_0,__i_hidden_title_iconUso_15_2,__i_hidden_title_iconUso_16_0,__i_hidden_title_iconUso_16_3,__i_hidden_title_iconUso_17_0,__i_hidden_title_iconUso_17_3,__i_hidden_title_iconUso_18_0,__i_hidden_title_iconUso_18_3,__i_hidden_title_iconUso_19_0,__i_hidden_title_iconUso_19_3,__i_hidden_title_iconUso_1_0,__i_hidden_title_iconUso_1_3,__i_hidden_title_iconUso_2_0,__i_hidden_title_iconUso_2_3,__i_hidden_title_iconUso_3_0,__i_hidden_title_iconUso_3_3,__i_hidden_title_iconUso_4_0,__i_hidden_title_iconUso_4_3,__i_hidden_title_iconUso_5_0,__i_hidden_title_iconUso_5_3,__i_hidden_title_iconUso_6_0,__i_hidden_title_iconUso_6_3,__i_hidden_title_iconUso_7_0,__i_hidden_title_iconUso_7_3,__i_hidden_title_iconUso_8_0,__i_hidden_title_iconUso_8_3,__i_hidden_title_iconUso_9_0,__i_hidden_title_iconUso_9_3,_csrf,be_name_0,chkAll,filterName_0,filterName_1,filterName_10,filterName_11,filterName_12,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterName_9,filterValue_11,filterValue_12,filterValue_3,filterValue_8,filterValue_9,limit,search,selectcheckbox,url_entry_0,url_entry_1,url_entry_10,url_entry_11,url_entry_12,url_entry_13,url_entry_14,url_entry_15,url_entry_16,url_entry_17,url_entry_18,url_entry_19,url_entry_2,url_entry_3,url_entry_4,url_entry_5,url_entry_6,url_entry_7,url_entry_8,url_entry_9)", "method": "POST", "param": "search", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nsearch=ZAP\n\nThe user-controlled value was:\nzap" }, { "id": "2651", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "__fake__search__", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [td] tag [id] attribute\n\nThe user input found was:\n__fake__search__=search\n\nThe user-controlled value was:\nsearchformheader" }, { "id": "2653", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "filterName_0", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_0=filtroProtocollo\n\nThe user-controlled value was:\nfiltroprotocollo" }, { "id": "2654", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "filterName_1", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_1=filtroTipoSA\n\nThe user-controlled value was:\nfiltrotiposa" }, { "id": "2655", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "filterName_2", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_2=filtroTipoCredenziali\n\nThe user-controlled value was:\nfiltrotipocredenziali" }, { "id": "2656", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "filterName_3", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_3=filtroRuolo\n\nThe user-controlled value was:\nfiltroruolo" }, { "id": "2658", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "filterName_4", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_4=filtroGruppo\n\nThe user-controlled value was:\nfiltrogruppo" }, { "id": "2659", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "filterName_5", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_5=filtroApiContesto\n\nThe user-controlled value was:\nfiltroapicontesto" }, { "id": "2666", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "filterName_6", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_6=subtDatiProp\n\nThe user-controlled value was:\nsubtdatiprop" }, { "id": "2667", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "filterName_7", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_7=filtroPropNome\n\nThe user-controlled value was:\nfiltropropnome" }, { "id": "2669", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "filterName_8", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterName_8=filtroPropValore\n\nThe user-controlled value was:\nfiltropropvalore" }, { "id": "2657", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "filterValue_3", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_3=ModIRuolo1FonteQualsiasi\n\nThe user-controlled value was:\nmodiruolo1fontequalsiasi" }, { "id": "2668", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "filterValue_7", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfilterValue_7=authzContenutiTest\n\nThe user-controlled value was:\nauthzcontenutitest" }, { "id": "2664", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "filterValue_8", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nfilterValue_8=ZAP\n\nThe user-controlled value was:\nzap" }, { "id": "2665", "uri": "http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes", "nodeName": "http:\/\/127.0.0.1:8080\/govwayConsole\/serviziApplicativiList.do (__prevTabKey__,resetSearch)(__fake__search__,_csrf,filterName_0,filterName_1,filterName_2,filterName_3,filterName_4,filterName_5,filterName_6,filterName_7,filterName_8,filterValue_3,filterValue_7,filterValue_8,search)", "method": "POST", "param": "search", "attack": "", "evidence": "", "otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttp://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do?__prevTabKey__=8fea4ae0-e038-4206-bbb8-d5a8d232f54b&resetSearch=yes\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nsearch=ZAP\n\nThe user-controlled value was:\nzap" } ], "count": "57", "systemic": false, "solution": "

Validate all input and sanitize output it before writing to any HTML attributes.

", "otherinfo": "

User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:

http://127.0.0.1:8080/govwayConsole/serviziApplicativiList.do

appears to include user input in:

a(n) [td] tag [id] attribute

The user input found was:

__fake__search__=search

The user-controlled value was:

searchformheader

", "reference": "

https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html

", "cweid": "20", "wascid": "20", "sourceid": "1271" } ] } ], "sequences":[ ] }