/alerttags/cwe-601/ Recent content in CWE-601 on ZAP Hugo en-us /docs/alerts/210019-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210019-6/ <p>Tainted value assigned to href attribute.</p> <p>Generated by OWASP PTK IAST Module</p> /docs/alerts/210015-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210015-4/ <p>Tainted URL passed to history.pushState, altering client-side navigation.</p> <p>Generated by OWASP PTK IAST Module</p> /docs/alerts/210015-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210015-2/ <p>Tainted destination URL passed to location.assign.</p> <p>Generated by OWASP PTK IAST Module</p> /docs/alerts/210015-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210015-1/ <p>Tainted data assigned to location.href, causing a client-side redirect.</p> <p>Generated by OWASP PTK IAST Module</p> /docs/alerts/210015-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210015-3/ <p>Tainted destination URL passed to location.replace.</p> <p>Generated by OWASP PTK IAST Module</p> /docs/alerts/210015-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210015-5/ <p>Tainted URL passed to history.replaceState, altering client-side navigation state.</p> <p>Generated by OWASP PTK IAST Module</p> /docs/alerts/220002-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220002-1/ <p>Detects client-side code that can redirect users to attacker-controlled URLs (open redirects). Includes assignment/calls that control window/location/navigation, attr-based redirects, form actions and jQuery variants.</p> <p>Generated by OWASP PTK SAST Module</p> /docs/alerts/220002-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220002-3/ <p>Detects client-side code that can redirect users to attacker-controlled URLs (open redirects). Includes assignment/calls that control window/location/navigation, attr-based redirects, form actions and jQuery variants.</p> <p>Generated by OWASP PTK SAST Module</p> /docs/alerts/20019-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20019-1/ <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> /docs/alerts/20019-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20019-2/ <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> /docs/alerts/20019-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20019-3/ <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> /docs/alerts/20019-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20019-4/ <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> /docs/alerts/210005-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210005-1/ <p>Tainted route, body, or messaging value changed form action.</p> <p>Generated by OWASP PTK IAST Module</p> /docs/alerts/210019-7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210019-7/ <p>Tainted value assigned to form action.</p> <p>Generated by OWASP PTK IAST Module</p> /docs/alerts/210005-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210005-2/ <p>Tainted route, body, or messaging value changed formAction.</p> <p>Generated by OWASP PTK IAST Module</p> /docs/alerts/210019-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210019-2/ <p>Tainted value passed to location.assign.</p> <p>Generated by OWASP PTK IAST Module</p> /docs/alerts/210019-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210019-1/ <p>Tainted value navigated location.href.</p> <p>Generated by OWASP PTK IAST Module</p> /docs/alerts/210019-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210019-3/ <p>Tainted value passed to location.replace.</p> <p>Generated by OWASP PTK IAST Module</p> /docs/alerts/210019-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210019-5/ <p>Tainted value passed to navigation.navigate.</p> <p>Generated by OWASP PTK IAST Module</p> /docs/alerts/10028/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10028/ <p>Open redirects are one of the OWASP 2010 Top Ten vulnerabilities. This check looks at user-supplied input in query string parameters and POST data to identify where open redirects might be possible. Open redirects occur when an application allows user-supplied input (e.g. <a href="https://nottrusted.com">https://nottrusted.com</a>) to control an off-site destination. This is generally a pretty accurate way to find where 301 or 302 redirects could be exploited by spammers or phishing attacks.</p> /docs/alerts/200023-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200023-3/ <p>Tests for open redirect by forcing redirect-like parameters to an external, benign domain.</p> <p>Generated by OWASP PTK DAST Module</p> /docs/alerts/200023-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200023-2/ <p>Tests for open redirect by forcing redirect-like parameters to an external, benign domain.</p> <p>Generated by OWASP PTK DAST Module</p> /docs/alerts/200023-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200023-1/ <p>Tests for open redirect by forcing redirect-like parameters to an external, benign domain.</p> <p>Generated by OWASP PTK DAST Module</p> /docs/alerts/210002-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210002-2/ <p>Tainted destination URL used in navigation.navigate.</p> <p>Generated by OWASP PTK IAST Module</p> /docs/alerts/210002-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210002-1/ <p>Tainted URL used in window.open (possible open redirect).</p> <p>Generated by OWASP PTK IAST Module</p> /docs/alerts/210004-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210004-3/ <p>Client route state influenced history.pushState.</p> <p>Generated by OWASP PTK IAST Module</p> /docs/alerts/210004-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210004-1/ <p>Client route state influenced history.replaceState.</p> <p>Generated by OWASP PTK IAST Module</p> /docs/alerts/210004-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210004-2/ <p>Client route state influenced navigation.navigate.</p> <p>Generated by OWASP PTK IAST Module</p> /docs/alerts/220002-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220002-2/ <p>Detects client-side code that can redirect users to attacker-controlled URLs (open redirects). Includes assignment/calls that control window/location/navigation, attr-based redirects, form actions and jQuery variants.</p> <p>Generated by OWASP PTK SAST Module</p> /docs/alerts/210014-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210014-1/ <p>Tainted URL assigned to an element href attribute.</p> <p>Generated by OWASP PTK IAST Module</p> /docs/alerts/210014-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210014-2/ <p>Tainted URL assigned to a non-script/iframe/src element src attribute.</p> <p>Generated by OWASP PTK IAST Module</p> /docs/alerts/210014-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210014-3/ <p>Tainted URL assigned to a form action attribute.</p> <p>Generated by OWASP PTK IAST Module</p> /docs/alerts/210014-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210014-4/ <p>Tainted URL assigned to a formAction attribute.</p> <p>Generated by OWASP PTK IAST Module</p> /docs/alerts/210019-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210019-4/ <p>Tainted value passed to window.open.</p> <p>Generated by OWASP PTK IAST Module</p>