OWASP_2021_A08 on ZAP /alerttags/owasp_2021_a08/ Recent content in OWASP_2021_A08 on ZAP Hugo en-us Cross-Domain JavaScript Source File Inclusion /docs/alerts/10017/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10017/ <p>The page includes one or more script files from a third-party domain.</p> Loosely Scoped Cookie /docs/alerts/90033/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90033/ <p>Cookies can be scoped by domain or path. This check is only concerned with domain scope.The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. <a href="http://www.nottrusted.com">www.nottrusted.com</a>, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.</p> Prototype pollution influenced fetch() init /docs/alerts/210008-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210008-1/ <p>A prior tainted prototype write influenced inherited fetch() init fields.</p> <p>Generated by OWASP PTK IAST Module</p> Review dynamic import usage /docs/alerts/220007-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220007-3/ <p>Detects dynamic script, worker, and service-worker loader endpoints that can be influenced by attacker-controlled client-side data.</p> <p>Generated by OWASP PTK SAST Module</p> Review importScripts usage /docs/alerts/220007-7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220007-7/ <p>Detects dynamic script, worker, and service-worker loader endpoints that can be influenced by attacker-controlled client-side data.</p> <p>Generated by OWASP PTK SAST Module</p> Review jQuery getScript usage /docs/alerts/220007-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220007-1/ <p>Detects dynamic script, worker, and service-worker loader endpoints that can be influenced by attacker-controlled client-side data.</p> <p>Generated by OWASP PTK SAST Module</p> Review serviceWorker.register usage /docs/alerts/220007-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220007-6/ <p>Detects dynamic script, worker, and service-worker loader endpoints that can be influenced by attacker-controlled client-side data.</p> <p>Generated by OWASP PTK SAST Module</p> Review SharedWorker constructor usage /docs/alerts/220007-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220007-5/ <p>Detects dynamic script, worker, and service-worker loader endpoints that can be influenced by attacker-controlled client-side data.</p> <p>Generated by OWASP PTK SAST Module</p> Review System.import usage /docs/alerts/220007-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220007-2/ <p>Detects dynamic script, worker, and service-worker loader endpoints that can be influenced by attacker-controlled client-side data.</p> <p>Generated by OWASP PTK SAST Module</p> Review Worker constructor usage /docs/alerts/220007-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220007-4/ <p>Detects dynamic script, worker, and service-worker loader endpoints that can be influenced by attacker-controlled client-side data.</p> <p>Generated by OWASP PTK SAST Module</p> Tainted dangerous key used in prototype write /docs/alerts/210008-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210008-2/ <p>Tainted data reached a dangerous prototype key write.</p> <p>Generated by OWASP PTK IAST Module</p> Tainted worker or script loader URL /docs/alerts/220007-8/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220007-8/ <p>Detects dynamic script, worker, and service-worker loader endpoints that can be influenced by attacker-controlled client-side data.</p> <p>Generated by OWASP PTK SAST Module</p>