ZAP Alert Details on ZAP

ZAP Alert Details on ZAP /docs/alerts/ Recent content in ZAP Alert Details on ZAP Hugo en-us Wed, 24 Jan 2024 15:42:00 +0000 Apache Range Header DoS (CVE-2011-3192) /docs/alerts/10053/ Mon, 02 Nov 2020 15:05:54 +0000 /docs/alerts/10053/ <p>The byterange filter in earlier versions of the Apache HTTP Server allows remote attackers to cause a denial of service (memory and CPU exhaustion) via a Range request header that identifies multiple overlapping ranges. This issue was exploited in the wild in August 2011.</p> <h2 id="deprecated-2020-06-13">Deprecated: 2020-06-13 <a class="header-link" href="#deprecated-2020-06-13"><svg class="fill-current o-60 hover-accent-color-light" height="22px" viewBox="0 0 24 24" width="22px" xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z" fill="none"/><path d="M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z" fill="currentColor"/></svg></a></h2> <p>Produced too many false positives and is no longer relevant.</p> Insecure Component /docs/alerts/10046/ Fri, 30 Oct 2020 12:12:42 +0000 /docs/alerts/10046/ <p>Based on passive analysis of the response, insecure component {0} {1} appears to be in use. The highest noted CVSS rating for this product version is {2}. In total, {3} vulnerabilities were noted. Some Linux distributions such as Red Hat employ the practice of retaining old version numbers when security fixes are “backported”. These cases are noted as “False Positives”, but should be manually verified.</p> Web Browser XSS Protection Not Enabled /docs/alerts/10016/ Fri, 30 Oct 2020 12:12:42 +0000 /docs/alerts/10016/ <p>Web Browser XSS Protection is not enabled, or is disabled by the configuration of the ‘X-XSS-Protection’ HTTP response header on the web server</p> <h2 id="deprecated-2020-02-11">Deprecated: 2020-02-11 <a class="header-link" href="#deprecated-2020-02-11"><svg class="fill-current o-60 hover-accent-color-light" height="22px" viewBox="0 0 24 24" width="22px" xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z" fill="none"/><path d="M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z" fill="currentColor"/></svg></a></h2> <p>No longer widely supported by browsers.</p> .env Information Leak /docs/alerts/40034/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40034/ <p>One or more .env files seems to have been located on the server. These files often expose infrastructure or administrative account credentials, API or APP keys, or other sensitive configuration information.</p> .htaccess Information Leak /docs/alerts/40032/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40032/ <p>htaccess files can be used to alter the configuration of the Apache Web Server software to enable/disable additional functionality and features that the Apache Web Server software has to offer.</p> .NET stack trace / YSOD /docs/alerts/200010-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200010-3/ <p>Detects common framework stack traces, error pages, and path disclosures in observed responses.</p> <p>Generated by OWASP PTK DAST Module</p> A Client Error response code was returned by the server /docs/alerts/100000-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100000-1/ <p>A response code of 400 was returned by the server. This may indicate that the application is failing to handle unexpected input correctly. Raised by the ‘Alert on HTTP Response Code Error’ script</p> A Server Error response code was returned by the server /docs/alerts/100000-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100000-2/ <p>A response code of 500 was returned by the server. This may indicate that the application is failing to handle unexpected input correctly. Raised by the ‘Alert on HTTP Response Code Error’ script</p> Absence of Anti-CSRF Tokens /docs/alerts/10202/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10202/ <p>No Anti-CSRF tokens were found in a HTML submission form. A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.</p> Access Control Issue - Improper Authentication /docs/alerts/10101/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10101/ <p>Insufficient Authentication occurs when a web site permits an attacker to access sensitive content or functionality without having to properly authenticate. Web-based administration tools are a good example of web sites providing access to sensitive functionality. Depending on the specific online resource, these web applications should not be directly accessible without requiring the user to properly verify their identity.</p> Access Control Issue - Improper Authorization /docs/alerts/10102/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10102/ <p>Insufficient Authorization results when an application does not perform adequate authorization checks to ensure that the user is performing a function or accessing data in a manner consistent with the security policy. Authorization procedures should enforce what a user, service or application is permitted to do. When a user is authenticated to a web site, it does not necessarily mean that the user should have full access to all content and functionality.</p> access_token/id_token in URL /docs/alerts/200014-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200014-1/ <p>Detects access tokens, JWTs, and API keys present in URLs or query strings observed in traffic.</p> <p>Generated by OWASP PTK DAST Module</p> Admin/management path observed /docs/alerts/200019-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200019-1/ <p>Flags high-value endpoint patterns observed in traffic (admin panels, debug endpoints, consoles, and backup/config file paths).</p> <p>Generated by OWASP PTK DAST Module</p> Advanced SQL Injection /docs/alerts/90018/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90018/ <p>A SQL injection may be possible using the attached payload.</p> An Error response code was returned by the server /docs/alerts/100000/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100000/ Anchor href manipulated from tainted source /docs/alerts/210019-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210019-6/ <p>Tainted value assigned to href attribute.</p> <p>Generated by OWASP PTK IAST Module</p> Android assetlinks.json observed /docs/alerts/200013-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200013-3/ <p>Flags security-relevant well-known resources and metadata files when they appear in observed traffic.</p> <p>Generated by OWASP PTK DAST Module</p> AngularJS $parse expression from cookie /docs/alerts/210009-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210009-3/ <p>Cookie-controlled expression value reaches AngularJS $parse.</p> <p>Generated by OWASP PTK IAST Module</p> AngularJS $parse expression from form input /docs/alerts/210009-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210009-2/ <p>Form-controlled expression value reaches AngularJS $parse.</p> <p>Generated by OWASP PTK IAST Module</p> AngularJS $parse expression from localStorage /docs/alerts/210009-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210009-4/ <p>Storage-controlled expression value reaches AngularJS $parse.</p> <p>Generated by OWASP PTK IAST Module</p> AngularJS $parse expression from postMessage /docs/alerts/210009-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210009-5/ <p>postMessage-controlled expression value reaches AngularJS $parse.</p> <p>Generated by OWASP PTK IAST Module</p> AngularJS client-side template / expression injection /docs/alerts/200021/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200021/ AngularJS client-side template / expression injection /docs/alerts/220004/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220004/ AngularJS expression / client-template injection /docs/alerts/210009/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210009/ AngularJS expression executed through Function constructor /docs/alerts/210009-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210009-1/ <p>Tainted data reached dynamic code execution while AngularJS expression parsing/compilation was active. This covers interpolation and $parse-style AngularJS expression injection cases.</p> <p>Generated by OWASP PTK IAST Module</p> AngularJS expression injection - eval expression 1.4.0 to 1.4.9 /docs/alerts/200021-24/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200021-24/ <p>Detects AngularJS client-side template and expression injection by sending version-gated AngularJS sandbox-escape probes to query and form parameters, then requiring browser-executed proof from the PTK browser-nav harness.</p> <p>Generated by OWASP PTK DAST Module</p> AngularJS expression injection - expression 1.0.1 to 1.1.5 /docs/alerts/200021-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200021-2/ <p>Detects AngularJS client-side template and expression injection by sending version-gated AngularJS sandbox-escape probes to query and form parameters, then requiring browser-executed proof from the PTK browser-nav harness.</p> <p>Generated by OWASP PTK DAST Module</p> AngularJS expression injection - expression 1.2.0 to 1.2.18 /docs/alerts/200021-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200021-5/ <p>Detects AngularJS client-side template and expression injection by sending version-gated AngularJS sandbox-escape probes to query and form parameters, then requiring browser-executed proof from the PTK browser-nav harness.</p> <p>Generated by OWASP PTK DAST Module</p> AngularJS expression injection - expression 1.2.19 to 1.2.23 /docs/alerts/200021-10/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200021-10/ <p>Detects AngularJS client-side template and expression injection by sending version-gated AngularJS sandbox-escape probes to query and form parameters, then requiring browser-executed proof from the PTK browser-nav harness.</p> <p>Generated by OWASP PTK DAST Module</p> AngularJS expression injection - expression 1.2.24 to 1.2.26 /docs/alerts/200021-12/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200021-12/ <p>Detects AngularJS client-side template and expression injection by sending version-gated AngularJS sandbox-escape probes to query and form parameters, then requiring browser-executed proof from the PTK browser-nav harness.</p> <p>Generated by OWASP PTK DAST Module</p> AngularJS expression injection - expression 1.2.27 to 1.3.20 /docs/alerts/200021-13/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200021-13/ <p>Detects AngularJS client-side template and expression injection by sending version-gated AngularJS sandbox-escape probes to query and form parameters, then requiring browser-executed proof from the PTK browser-nav harness.</p> <p>Generated by OWASP PTK DAST Module</p> AngularJS expression injection - expression 1.2.6 to 1.2.18 /docs/alerts/200021-8/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200021-8/ <p>Detects AngularJS client-side template and expression injection by sending version-gated AngularJS sandbox-escape probes to query and form parameters, then requiring browser-executed proof from the PTK browser-nav harness.</p> <p>Generated by OWASP PTK DAST Module</p> AngularJS expression injection - expression 1.4.0 to 1.4.5 /docs/alerts/200021-15/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200021-15/ <p>Detects AngularJS client-side template and expression injection by sending version-gated AngularJS sandbox-escape probes to query and form parameters, then requiring browser-executed proof from the PTK browser-nav harness.</p> <p>Generated by OWASP PTK DAST Module</p> AngularJS expression injection - expression 1.4.2 to 1.5.8 /docs/alerts/200021-17/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200021-17/ <p>Detects AngularJS client-side template and expression injection by sending version-gated AngularJS sandbox-escape probes to query and form parameters, then requiring browser-executed proof from the PTK browser-nav harness.</p> <p>Generated by OWASP PTK DAST Module</p> AngularJS expression injection - expression 1.6 and later /docs/alerts/200021-19/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200021-19/ <p>Detects AngularJS client-side template and expression injection by sending version-gated AngularJS sandbox-escape probes to query and form parameters, then requiring browser-executed proof from the PTK browser-nav harness.</p> <p>Generated by OWASP PTK DAST Module</p> AngularJS expression injection - single-quote expression 1.2.19 to 1.2.23 /docs/alerts/200021-20/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200021-20/ <p>Detects AngularJS client-side template and expression injection by sending version-gated AngularJS sandbox-escape probes to query and form parameters, then requiring browser-executed proof from the PTK browser-nav harness.</p> <p>Generated by OWASP PTK DAST Module</p> AngularJS interpolation delimiters in template string /docs/alerts/220004-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220004-5/ <p>Finds AngularJS code patterns where untrusted data is compiled or parsed as AngularJS expressions/templates, including $parse, $interpolate, $compile, interpolation delimiters and ng-* expression attributes.</p> <p>Generated by OWASP PTK SAST Module</p> AngularJS ng-* expression attribute /docs/alerts/220004-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220004-6/ <p>Finds AngularJS code patterns where untrusted data is compiled or parsed as AngularJS expressions/templates, including $parse, $interpolate, $compile, interpolation delimiters and ng-* expression attributes.</p> <p>Generated by OWASP PTK SAST Module</p> AngularJS template injection - alternate delimiters 1.6 and later /docs/alerts/200021-25/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200021-25/ <p>Detects AngularJS client-side template and expression injection by sending version-gated AngularJS sandbox-escape probes to query and form parameters, then requiring browser-executed proof from the PTK browser-nav harness.</p> <p>Generated by OWASP PTK DAST Module</p> AngularJS template injection - HTML entity alternate delimiters 1.4.0 to 1.4.9 /docs/alerts/200021-23/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200021-23/ <p>Detects AngularJS client-side template and expression injection by sending version-gated AngularJS sandbox-escape probes to query and form parameters, then requiring browser-executed proof from the PTK browser-nav harness.</p> <p>Generated by OWASP PTK DAST Module</p> AngularJS template injection - HTML entity delimiters 1.4.0 to 1.4.9 /docs/alerts/200021-22/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200021-22/ <p>Detects AngularJS client-side template and expression injection by sending version-gated AngularJS sandbox-escape probes to query and form parameters, then requiring browser-executed proof from the PTK browser-nav harness.</p> <p>Generated by OWASP PTK DAST Module</p> AngularJS template injection - reflected 1.0.1 to 1.1.5 /docs/alerts/200021-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200021-1/ <p>Detects AngularJS client-side template and expression injection by sending version-gated AngularJS sandbox-escape probes to query and form parameters, then requiring browser-executed proof from the PTK browser-nav harness.</p> <p>Generated by OWASP PTK DAST Module</p> AngularJS template injection - reflected 1.2.0 to 1.2.1 /docs/alerts/200021-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200021-4/ <p>Detects AngularJS client-side template and expression injection by sending version-gated AngularJS sandbox-escape probes to query and form parameters, then requiring browser-executed proof from the PTK browser-nav harness.</p> <p>Generated by OWASP PTK DAST Module</p> AngularJS template injection - reflected 1.2.19 to 1.2.23 /docs/alerts/200021-9/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200021-9/ <p>Detects AngularJS client-side template and expression injection by sending version-gated AngularJS sandbox-escape probes to query and form parameters, then requiring browser-executed proof from the PTK browser-nav harness.</p> <p>Generated by OWASP PTK DAST Module</p> AngularJS template injection - reflected 1.2.2 to 1.2.5 /docs/alerts/200021-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200021-6/ <p>Detects AngularJS client-side template and expression injection by sending version-gated AngularJS sandbox-escape probes to query and form parameters, then requiring browser-executed proof from the PTK browser-nav harness.</p> <p>Generated by OWASP PTK DAST Module</p> AngularJS template injection - reflected 1.2.24 to 1.2.29 /docs/alerts/200021-11/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200021-11/ <p>Detects AngularJS client-side template and expression injection by sending version-gated AngularJS sandbox-escape probes to query and form parameters, then requiring browser-executed proof from the PTK browser-nav harness.</p> <p>Generated by OWASP PTK DAST Module</p> AngularJS template injection - reflected 1.2.6 to 1.2.18 /docs/alerts/200021-7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200021-7/ <p>Detects AngularJS client-side template and expression injection by sending version-gated AngularJS sandbox-escape probes to query and form parameters, then requiring browser-executed proof from the PTK browser-nav harness.</p> <p>Generated by OWASP PTK DAST Module</p> AngularJS template injection - reflected 1.4.0 to 1.4.9 /docs/alerts/200021-14/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200021-14/ <p>Detects AngularJS client-side template and expression injection by sending version-gated AngularJS sandbox-escape probes to query and form parameters, then requiring browser-executed proof from the PTK browser-nav harness.</p> <p>Generated by OWASP PTK DAST Module</p> AngularJS template injection - reflected 1.5.0 to 1.5.8 /docs/alerts/200021-16/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200021-16/ <p>Detects AngularJS client-side template and expression injection by sending version-gated AngularJS sandbox-escape probes to query and form parameters, then requiring browser-executed proof from the PTK browser-nav harness.</p> <p>Generated by OWASP PTK DAST Module</p> AngularJS template injection - reflected 1.6 and later /docs/alerts/200021-18/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200021-18/ <p>Detects AngularJS client-side template and expression injection by sending version-gated AngularJS sandbox-escape probes to query and form parameters, then requiring browser-executed proof from the PTK browser-nav harness.</p> <p>Generated by OWASP PTK DAST Module</p> AngularJS template injection - reflected eval 1.4.0 to 1.4.9 /docs/alerts/200021-21/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200021-21/ <p>Detects AngularJS client-side template and expression injection by sending version-gated AngularJS sandbox-escape probes to query and form parameters, then requiring browser-executed proof from the PTK browser-nav harness.</p> <p>Generated by OWASP PTK DAST Module</p> AngularJS template injection - reflected short legacy 1.0.1 to 1.1.5 /docs/alerts/200021-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200021-3/ <p>Detects AngularJS client-side template and expression injection by sending version-gated AngularJS sandbox-escape probes to query and form parameters, then requiring browser-executed proof from the PTK browser-nav harness.</p> <p>Generated by OWASP PTK DAST Module</p> Anti-clickjacking Header /docs/alerts/10020/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10020/ Anti-CSRF Tokens Check /docs/alerts/20012/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20012/ <p>A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.</p> API docs endpoint observed /docs/alerts/200012-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200012-3/ <p>Detects exposure of API documentation, specs, and interactive consoles observed in traffic.</p> <p>Generated by OWASP PTK DAST Module</p> api_key/key in URL /docs/alerts/200014-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200014-3/ <p>Detects access tokens, JWTs, and API keys present in URLs or query strings observed in traffic.</p> <p>Generated by OWASP PTK DAST Module</p> Apple app-site-association observed /docs/alerts/200013-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200013-4/ <p>Flags security-relevant well-known resources and metadata files when they appear in observed traffic.</p> <p>Generated by OWASP PTK DAST Module</p> Application Error Disclosure /docs/alerts/90022/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90022/ <p>This page contains an error/warning message that may disclose sensitive information like the location of the file that produced the unhandled exception. This information can be used to launch further attacks against the web application. The alert could be a false positive if the error message is found inside a documentation page.</p> Application Error Disclosure via WebSockets /docs/alerts/110001/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/110001/ <p>This payload contains an error/warning message that may disclose sensitive information like the location of the file that produced the unhandled exception. This information can be used to launch further attacks against the web application.</p> ASP.NET ViewState Disclosure /docs/alerts/10094-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10094-1/ <p>An ASP.NET ViewState was disclosed by the application/web server.</p> ASP.NET ViewState Integrity /docs/alerts/10094-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10094-2/ <p>The application does not use a Message Authentication Code (MAC) to protect the integrity of the ASP.NET ViewState, which can be tampered with by a malicious client.</p> Authentication Credentials Captured /docs/alerts/10105-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10105-1/ <p>An insecure authentication mechanism is in use. This allows an attacker on the network access to the userid and password of the authenticated user. For Basic Authentication, the attacker must merely monitor the network traffic until a Basic Authentication request is received, and then base64 decode the username and password. For Digest Authentication, the attacker has access to the username, and possibly also the password, if the hash (including a nonce) can be successfully cracked, or if a Man-In-The-Middle attack is mounted. The attacker eavesdrops on the network until an authentication has completed.</p> Authentication Request Identified /docs/alerts/10111/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10111/ <p>The given request has been identified as an authentication request. The ‘Other Info’ field contains a set of key=value lines which identify any relevant fields. If the request is in a context which has an Authentication Method set to “Auto-Detect” then this rule will change the authentication to match the request identified.</p> Avoid eval with string literals /docs/alerts/220003-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220003-3/ <p>Detects dynamic execution of attacker-controlled strings in JavaScript sinks such as eval(), Function(), string-based timers, execScript, or script.text assignments. Exploiting these flows lets attackers execute arbitrary JS without relying on HTML injection.</p> <p>Generated by OWASP PTK SAST Module</p> Avoid execScript dynamic execution /docs/alerts/220003-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220003-2/ <p>Detects dynamic execution of attacker-controlled strings in JavaScript sinks such as eval(), Function(), string-based timers, execScript, or script.text assignments. Exploiting these flows lets attackers execute arbitrary JS without relying on HTML injection.</p> <p>Generated by OWASP PTK SAST Module</p> Avoid Function constructor with strings /docs/alerts/220003-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220003-4/ <p>Detects dynamic execution of attacker-controlled strings in JavaScript sinks such as eval(), Function(), string-based timers, execScript, or script.text assignments. Exploiting these flows lets attackers execute arbitrary JS without relying on HTML injection.</p> <p>Generated by OWASP PTK SAST Module</p> Avoid permissive regex origin checks /docs/alerts/220008-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220008-4/ <p>Detects unsafe postMessage usage and message event handling issues (missing origin validation, wildcard targetOrigin, tainted data flowing into DOM/code sinks).</p> <p>Generated by OWASP PTK SAST Module</p> Avoid postMessage with wildcard targetOrigin /docs/alerts/220008-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220008-1/ <p>Detects unsafe postMessage usage and message event handling issues (missing origin validation, wildcard targetOrigin, tainted data flowing into DOM/code sinks).</p> <p>Generated by OWASP PTK SAST Module</p> Avoid string-based timers /docs/alerts/220003-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220003-1/ <p>Detects dynamic execution of attacker-controlled strings in JavaScript sinks such as eval(), Function(), string-based timers, execScript, or script.text assignments. Exploiting these flows lets attackers execute arbitrary JS without relying on HTML injection.</p> <p>Generated by OWASP PTK SAST Module</p> Avoid weak origin substring checks /docs/alerts/220008-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220008-3/ <p>Detects unsafe postMessage usage and message event handling issues (missing origin validation, wildcard targetOrigin, tainted data flowing into DOM/code sinks).</p> <p>Generated by OWASP PTK SAST Module</p> AWS Access Key ID pattern /docs/alerts/200011-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200011-2/ <p>Flags secret-like tokens and exposed configuration values in observed HTML/JS/JSON responses. These are recon leads; validate sensitivity before reporting.</p> <p>Generated by OWASP PTK DAST Module</p> Backup File Detected /docs/alerts/100030/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100030/ <p>A backup or alternate version of a page or component was detected. An attacker may leverage information in such files to further attack or abuse the system.</p> Backup File Disclosure /docs/alerts/10095/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10095/ <p>A backup of the file was disclosed by the web server.</p> Base64 Disclosure /docs/alerts/10094-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10094-3/ <p>Base64 encoded data was disclosed by the application/web server. Note: in the interests of performance not all base64 strings in the response were analyzed individually, the entire response should be looked at by the analyst/security team/developer(s).</p> Base64 Disclosure /docs/alerts/10094/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10094/ Base64 Disclosure in WebSocket message /docs/alerts/110002/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/110002/ <p>A Base64-encoded string has been found in the websocket incoming message. Base64-encoded data may contain sensitive information such as usernames, passwords or cookies which should be further inspected. Decoded evidence: example.</p> Big Redirect Detected (Potential Sensitive Information Leak) /docs/alerts/10044-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10044-1/ <p>The server has responded with a redirect that seems to provide a large response. This may indicate that although the server sent a redirect it also responded with body content (which may include sensitive details, PII, etc.).</p> Big Redirect Detected (Potential Sensitive Information Leak) /docs/alerts/10044/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10044/ Browser-navigation DOM XSS via URL parameters /docs/alerts/200022/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200022/ Buffer Overflow /docs/alerts/30001/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/30001/ <p>Buffer overflow errors are characterized by the overwriting of memory spaces of the background web process, which should have never been modified intentionally or unintentionally. Overwriting values of the IP (Instruction Pointer), BP (Base Pointer) and other registers causes exceptions, segmentation faults, and other process errors to occur. Usually these errors end execution of the application in an unexpected way.</p> Bypassing 403 /docs/alerts/40038/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40038/ <p>Bypassing 403 endpoints may be possible, the scan rule sent a payload that caused the response to be accessible (status code 200).</p> Cache-Control public/max-age with Set-Cookie /docs/alerts/200018/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200018/ <p>Flags potentially risky cacheability for responses that appear user-specific and missing cache partitioning indicators.</p> <p>Generated by OWASP PTK DAST Module</p> Charset Mismatch /docs/alerts/90011-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90011-4/ <p>This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there’s a charset mismatch between the HTTP header and content body Web browsers can be forced into an undesirable content-sniffing mode to determine the content’s correct character set.</p> Charset Mismatch /docs/alerts/90011/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90011/ Charset Mismatch (Header Versus Meta Charset) /docs/alerts/90011-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90011-2/ <p>This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there’s a charset mismatch between the HTTP header and content body Web browsers can be forced into an undesirable content-sniffing mode to determine the content’s correct character set.</p> Charset Mismatch (Header Versus Meta Content-Type Charset) /docs/alerts/90011-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90011-1/ <p>This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there’s a charset mismatch between the HTTP header and content body Web browsers can be forced into an undesirable content-sniffing mode to determine the content’s correct character set.</p> Charset Mismatch (Meta Charset Versus Meta Content-Type Charset) /docs/alerts/90011-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90011-3/ <p>This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there’s a charset mismatch between the HTTP header and content body Web browsers can be forced into an undesirable content-sniffing mode to determine the content’s correct character set.</p> Clear-Site-Data present but missing executionContexts /docs/alerts/200005-17/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200005-17/ <p>The OWASP Secure Headers Project describes HTTP response headers that your application can use to increase the security of your application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities.</p> <p>Generated by OWASP PTK DAST Module</p> Clear-Site-Data uses wildcard * /docs/alerts/200005-18/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200005-18/ <p>The OWASP Secure Headers Project describes HTTP response headers that your application can use to increase the security of your application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities.</p> <p>Generated by OWASP PTK DAST Module</p> Client Script Loader Poisoning /docs/alerts/220007/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220007/ Client-Side Data Flow /docs/alerts/40100/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40100/ <p>An interesting data-flow was found in client-side JavaScript</p> Client-side HTTP exfiltration sinks /docs/alerts/210013/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210013/ Client-side navigation sinks /docs/alerts/210002/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210002/ Client-side redirect via history.pushState /docs/alerts/210015-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210015-4/ <p>Tainted URL passed to history.pushState, altering client-side navigation.</p> <p>Generated by OWASP PTK IAST Module</p> Client-side redirect via location.assign /docs/alerts/210015-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210015-2/ <p>Tainted destination URL passed to location.assign.</p> <p>Generated by OWASP PTK IAST Module</p> Client-side redirect via location.href /docs/alerts/210015-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210015-1/ <p>Tainted data assigned to location.href, causing a client-side redirect.</p> <p>Generated by OWASP PTK IAST Module</p> Client-side redirect via location.replace /docs/alerts/210015-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210015-3/ <p>Tainted destination URL passed to location.replace.</p> <p>Generated by OWASP PTK IAST Module</p> Client-side route change via history.replaceState /docs/alerts/210015-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210015-5/ <p>Tainted URL passed to history.replaceState, altering client-side navigation state.</p> <p>Generated by OWASP PTK IAST Module</p> Client-side Template Injection /docs/alerts/220005/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220005/ Cloud metadata IP referenced /docs/alerts/200016-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200016-4/ <p>Detects internal hostnames/IPs and environment hints (staging/dev/local) disclosed in observed responses.</p> <p>Generated by OWASP PTK DAST Module</p> Cloud Metadata Potentially Exposed /docs/alerts/90034/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90034/ <p>The Cloud Metadata Attack attempts to abuse a misconfigured NGINX server in order to access the instance metadata maintained by cloud service providers such as AWS, GCP and Azure. All of these providers provide metadata via an internal unroutable IP address ‘169.254.169.254’ - this can be exposed by incorrectly configured NGINX servers and accessed by using this IP address in the Host header field.</p> COEP present but value is not 'require-corp' or 'credentialless' /docs/alerts/200005-14/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200005-14/ <p>The OWASP Secure Headers Project describes HTTP response headers that your application can use to increase the security of your application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities.</p> <p>Generated by OWASP PTK DAST Module</p> Content Cacheability /docs/alerts/10049/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10049/ Content Security Policy (CSP) Header Not Set /docs/alerts/10038-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10038-1/ <p>Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.</p> Content Security Policy (CSP) Header Not Set /docs/alerts/10038/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10038/ Content Security Policy (CSP) Report-Only Header Found /docs/alerts/10038-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10038-3/ <p>The response contained a Content-Security-Policy-Report-Only header, this may indicate a work-in-progress implementation, or an oversight in promoting pre-Prod to Prod, etc.</p> <p>Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.</p> Content Security Policy Violations Reporting Enabled /docs/alerts/100004/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100004/ Content-Type Header Empty /docs/alerts/10019-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10019-2/ <p>The Content-Type header was either missing or empty.</p> Content-Type Header Missing /docs/alerts/10019-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10019-1/ <p>The Content-Type header was either missing or empty.</p> Content-Type Header Missing /docs/alerts/10019/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10019/ Cookie No HttpOnly Flag /docs/alerts/10010/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10010/ <p>A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.</p> Cookie Poisoning /docs/alerts/10029/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10029/ <p>This check looks at user-supplied input in query string parameters and POST data to identify where cookie parameters might be controlled. This is called a cookie poisoning attack, and becomes exploitable when an attacker can manipulate the cookie in various ways. In some cases this will not be exploitable, however, allowing URL parameters to set cookie values is generally considered a bug.</p> Cookie Set Without HttpOnly Flag /docs/alerts/100003/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100003/ <p>A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.</p> Cookie Slack Detector /docs/alerts/90027/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90027/ <p>Repeated GET requests: drop a different cookie each time, followed by normal request with all cookies to stabilize session, compare responses against original baseline GET. This can reveal areas where cookie based authentication/attributes are not actually enforced.</p> Cookie with Invalid SameSite Attribute /docs/alerts/10054-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10054-3/ <p>A cookie has been set with an invalid SameSite attribute value, which means that the cookie can be sent as a result of a ‘cross-site’ request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.</p> Cookie with SameSite Attribute None /docs/alerts/10054-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10054-2/ <p>A cookie has been set with its SameSite attribute set to “none”, which means that the cookie can be sent as a result of a ‘cross-site’ request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.</p> Cookie without SameSite Attribute /docs/alerts/10054-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10054-1/ <p>A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a ‘cross-site’ request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.</p> Cookie without SameSite Attribute /docs/alerts/10054/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10054/ Cookie Without Secure Flag /docs/alerts/10011/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10011/ <p>A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.</p> COOP present but value is not 'same-origin' /docs/alerts/200005-23/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200005-23/ <p>The OWASP Secure Headers Project describes HTTP response headers that your application can use to increase the security of your application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities.</p> <p>Generated by OWASP PTK DAST Module</p> COOP set without COEP/CORP (incomplete cross-origin isolation) /docs/alerts/200005-13/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200005-13/ <p>The OWASP Secure Headers Project describes HTTP response headers that your application can use to increase the security of your application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities.</p> <p>Generated by OWASP PTK DAST Module</p> CORS allows any origin with credentials /docs/alerts/200005-19/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200005-19/ <p>The OWASP Secure Headers Project describes HTTP response headers that your application can use to increase the security of your application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities.</p> <p>Generated by OWASP PTK DAST Module</p> CORS allows broad headers /docs/alerts/200017-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200017-3/ <p>Adds passive CORS posture checks: missing Vary: Origin for dynamic ACAO, and permissive allowed headers/methods.</p> <p>Generated by OWASP PTK DAST Module</p> CORS allows broad methods /docs/alerts/200017-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200017-2/ <p>Adds passive CORS posture checks: missing Vary: Origin for dynamic ACAO, and permissive allowed headers/methods.</p> <p>Generated by OWASP PTK DAST Module</p> CORS Header /docs/alerts/40040-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40040-1/ <p>Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any other origins (domain, scheme, or port) than its own from which a browser should permit loading of resources. It relaxes the Same-Origin Policy (SOP).</p> CORS Header /docs/alerts/40040/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40040/ CORS Misconfiguration /docs/alerts/40040-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40040-2/ <p>This CORS misconfiguration could allow an attacker to perform AJAX queries to the vulnerable website from a malicious page loaded by the victim’s user agent. In order to perform authenticated AJAX queries, the server must specify the header “Access-Control-Allow-Credentials: true” and the “Access-Control-Allow-Origin” header must be set to null or the malicious page’s domain. Even if this misconfiguration doesn’t allow authenticated AJAX requests, unauthenticated sensitive content can still be accessed (e.g intranet websites). A malicious page can belong to a malicious website but also a trusted website with flaws (e.g XSS, support of HTTP without TLS allowing code injection through MITM, etc).</p> CORS Misconfiguration /docs/alerts/40040-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40040-3/ <p>This CORS misconfiguration could allow an attacker to perform AJAX queries to the vulnerable website from a malicious page loaded by the victim’s user agent. In order to perform authenticated AJAX queries, the server must specify the header “Access-Control-Allow-Credentials: true” and the “Access-Control-Allow-Origin” header must be set to null or the malicious page’s domain. Even if this misconfiguration doesn’t allow authenticated AJAX requests, unauthenticated sensitive content can still be accessed (e.g intranet websites). A malicious page can belong to a malicious website but also a trusted website with flaws (e.g XSS, support of HTTP without TLS allowing code injection through MITM, etc).</p> Credit Card Number /docs/alerts/200006-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200006-1/ <p>Sensitive data is anything that should not be accessible to admin access, known as sensitive data. Sensitive data may include personally identifiable information (PII), such as Social Security numbers, financial information, or login credentials. Sensitive Data Exposure occurs when an organization unknowingly exposes sensitive data or when a security incident leads to the accidental or unlawful destruction, loss, alteration, or admin disclosure of, or access to sensitive data.</p> CRLF Injection /docs/alerts/40003/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40003/ <p>Cookie can be set via CRLF injection. It may also be possible to set arbitrary HTTP response headers. In addition, by carefully crafting the injected response using cross-site script, cache poisoning vulnerability may also exist.</p> Cross Site Request Forgery /docs/alerts/40103/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40103/ <p>A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.</p> Cross Site Scripting (DOM Based) /docs/alerts/40026/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40026/ <p>Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user’s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user’s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.</p> Cross Site Scripting (Persistent) /docs/alerts/40014-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40014-1/ <p>Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user’s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user’s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.</p> Cross Site Scripting (Persistent) /docs/alerts/40014-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40014-3/ <p>Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user’s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user’s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.</p> Cross Site Scripting (Persistent) /docs/alerts/40014/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40014/ Cross Site Scripting (Persistent) - Prime /docs/alerts/40016/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40016/ Cross Site Scripting (Persistent) - Spider /docs/alerts/40017/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40017/ Cross Site Scripting (Reflected) /docs/alerts/40012/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40012/ <p>Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user’s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user’s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.</p> Cross Site Scripting Weakness (Persistent in JSON Response) /docs/alerts/40014-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40014-2/ <p>A XSS attack was found in a JSON response, this might leave content consumers vulnerable to attack if they don’t appropriately handle the data (response).</p> Cross-Domain JavaScript Source File Inclusion /docs/alerts/10017/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10017/ <p>The page includes one or more script files from a third-party domain.</p> Cross-Domain Misconfiguration /docs/alerts/10098/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10098/ <p>Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.</p> Cross-Domain Misconfiguration /docs/alerts/20016/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20016/ Cross-Domain Misconfiguration - Adobe - Read /docs/alerts/20016-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20016-1/ <p>Flash/Silverlight based cross-site request forgery may be possible, due to a misconfiguration on the web server.</p> Cross-Domain Misconfiguration - Adobe - Send /docs/alerts/20016-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20016-2/ <p>Flash/Silverlight based cross-site request forgery may be possible, due to a misconfiguration on the web server.</p> Cross-Domain Misconfiguration - Silverlight /docs/alerts/20016-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20016-3/ <p>Silverlight based cross-site request forgery may be possible, due to a misconfiguration on the web server.</p> Cross-Origin-Embedder-Policy Header Missing or Invalid /docs/alerts/90004-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90004-2/ <p>Cross-Origin-Embedder-Policy header is a response header that prevents a document from loading any cross-origin resources that don’t explicitly grant the document permission (using CORP or CORS).</p> Cross-Origin-Opener-Policy Header Missing or Invalid /docs/alerts/90004-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90004-3/ <p>Cross-Origin-Opener-Policy header is a response header that allows a site to control if others included documents share the same browsing context. Sharing the same browsing context with untrusted documents might lead to data leak.</p> Cross-Origin-Resource-Policy Header Missing or Invalid /docs/alerts/90004-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90004-1/ <p>Cross-Origin-Resource-Policy header is an opt-in header designed to counter side-channels attacks like Spectre. Resource should be specifically set as shareable amongst different origins.</p> Cross-site Scripting /docs/alerts/40101/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40101/ <p>Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user’s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user’s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.</p> Cross-site Scripting /docs/alerts/40102/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40102/ <p>Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user’s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user’s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.</p> Cross-Site WebSocket Hijacking /docs/alerts/100025/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100025/ <p>Server accepted WebSocket connection through HTTP Upgrade request with modified Origin header.</p> CSP /docs/alerts/10055/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10055/ CSP 'frame-ancestors' missing or overly broad /docs/alerts/200005-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200005-3/ <p>The OWASP Secure Headers Project describes HTTP response headers that your application can use to increase the security of your application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities.</p> <p>Generated by OWASP PTK DAST Module</p> CSP allows inline/eval or wildcards in script/style /docs/alerts/200005-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200005-2/ <p>The OWASP Secure Headers Project describes HTTP response headers that your application can use to increase the security of your application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities.</p> <p>Generated by OWASP PTK DAST Module</p> CSP Report-Only present without enforcing CSP /docs/alerts/200005-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200005-4/ <p>The OWASP Secure Headers Project describes HTTP response headers that your application can use to increase the security of your application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities.</p> <p>Generated by OWASP PTK DAST Module</p> CSP: Failure to Define Directive with No Fallback /docs/alerts/10055-13/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10055-13/ <p>The Content Security Policy fails to define one of the directives that has no fallback. Missing/excluding them is the same as allowing anything.</p> CSP: Header & Meta /docs/alerts/10055-12/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10055-12/ <p>The message contained both CSP specified via header and via Meta tag. It was not possible to union these policies in order to perform an analysis. Therefore, they have been evaluated individually.</p> CSP: Malformed Policy (Non-ASCII) /docs/alerts/10055-9/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10055-9/ <p>Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.</p> CSP: Meta Policy Invalid Directive /docs/alerts/10055-11/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10055-11/ <p>The policy specified via meta element contains either or both the sandbox or frame-ancestors directive, which are not permitted inside meta CSP definitions.</p> CSP: Notices /docs/alerts/10055-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10055-3/ <p>Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.</p> CSP: script-src unsafe-eval /docs/alerts/10055-10/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10055-10/ <p>Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.</p> CSP: script-src unsafe-hashes /docs/alerts/10055-7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10055-7/ <p>Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.</p> CSP: script-src unsafe-inline /docs/alerts/10055-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10055-5/ <p>Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.</p> CSP: style-src unsafe-hashes /docs/alerts/10055-8/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10055-8/ <p>Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.</p> CSP: style-src unsafe-inline /docs/alerts/10055-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10055-6/ <p>Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.</p> CSP: Wildcard Directive /docs/alerts/10055-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10055-4/ <p>Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.</p> CSP: X-Content-Security-Policy /docs/alerts/10055-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10055-1/ <p>Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.</p> CSP: X-WebKit-CSP /docs/alerts/10055-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10055-2/ <p>Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.</p> Dangerous form target URL schemes /docs/alerts/210006/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210006/ Dangerous JS Functions /docs/alerts/10110/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10110/ <p>A dangerous JS function seems to be in use that would leave the site vulnerable.</p> Dangerous URL scheme execution sinks /docs/alerts/210003/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210003/ data: URL assigned to form action /docs/alerts/210006-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210006-3/ <p>Tainted data: URL assigned to form action.</p> <p>Generated by OWASP PTK IAST Module</p> data: URL assigned to formAction /docs/alerts/210006-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210006-4/ <p>Tainted data: URL assigned to formAction.</p> <p>Generated by OWASP PTK IAST Module</p> data: URL assigned to href /docs/alerts/210003-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210003-5/ <p>Tainted data: URL assigned to href.</p> <p>Generated by OWASP PTK IAST Module</p> data: URL assigned to iframe.src /docs/alerts/210003-15/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210003-15/ <p>Tainted data: URL assigned to iframe.src.</p> <p>Generated by OWASP PTK IAST Module</p> data: URL assigned to script.src /docs/alerts/210003-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210003-4/ <p>Tainted data: URL assigned to script.src and treated as executable content.</p> <p>Generated by OWASP PTK IAST Module</p> data: URL assigned to src /docs/alerts/210003-7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210003-7/ <p>Tainted data: URL assigned to a generic src attribute.</p> <p>Generated by OWASP PTK IAST Module</p> data: URL navigated via location.assign /docs/alerts/210003-10/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210003-10/ <p>Tainted data: URL passed to location.assign.</p> <p>Generated by OWASP PTK IAST Module</p> data: URL navigated via location.href /docs/alerts/210003-8/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210003-8/ <p>Tainted data: URL assigned to location.href.</p> <p>Generated by OWASP PTK IAST Module</p> data: URL navigated via location.replace /docs/alerts/210003-12/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210003-12/ <p>Tainted data: URL passed to location.replace.</p> <p>Generated by OWASP PTK IAST Module</p> data: URL opened via window.open /docs/alerts/210003-14/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210003-14/ <p>Tainted data: URL passed to window.open.</p> <p>Generated by OWASP PTK IAST Module</p> Debug/diagnostic path observed /docs/alerts/200019-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200019-2/ <p>Flags high-value endpoint patterns observed in traffic (admin panels, debug endpoints, consoles, and backup/config file paths).</p> <p>Generated by OWASP PTK DAST Module</p> Deprecated Feature Policy Header Set /docs/alerts/10063-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10063-2/ <p>The header has now been renamed to Permissions-Policy.</p> Deprecated Feature-Policy or unknown/overly-permissive Permissions-Policy /docs/alerts/200005-15/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200005-15/ <p>The OWASP Secure Headers Project describes HTTP response headers that your application can use to increase the security of your application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities.</p> <p>Generated by OWASP PTK DAST Module</p> Directory Browsing /docs/alerts/0/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/0/ <p>It is possible to view the directory listing. Directory listing may reveal hidden scripts, include files, backup source files, etc. which can be accessed to read sensitive information.</p> Directory Browsing /docs/alerts/10033/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10033/ <p>It is possible to view a listing of the directory contents. Directory listings may reveal hidden scripts, include files, backup source files, etc., which can be accessed to reveal sensitive information.</p> Disallow direct document.cookie assignment (incl. bracket access) /docs/alerts/220001-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220001-1/ <p>Detects cases where attacker-controlled DOM data is written into cookies (document.cookie or common wrapper functions). Can indicate session fixation, logic control, or preparation for exploit-chains.</p> <p>Generated by OWASP PTK SAST Module</p> Disallow direct navigation primitives /docs/alerts/220002-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220002-1/ <p>Detects client-side code that can redirect users to attacker-controlled URLs (open redirects). Includes assignment/calls that control window/location/navigation, attr-based redirects, form actions and jQuery variants.</p> <p>Generated by OWASP PTK SAST Module</p> Disallow document.write()/writeln() /docs/alerts/220000-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220000-3/ <p>Detects cases where untrusted data from the DOM (URL, element values, storage, messages, etc.) flows into HTML/JS execution sinks (e.g., innerHTML, outerHTML, document.write, string-based setTimeout, insertAdjacentHTML) without proper sanitization or encoding \u2014 enabling DOM-based cross-site scripting.</p> <p>Generated by OWASP PTK SAST Module</p> Disallow innerHTML/outerHTML assignments /docs/alerts/220000-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220000-1/ <p>Detects cases where untrusted data from the DOM (URL, element values, storage, messages, etc.) flows into HTML/JS execution sinks (e.g., innerHTML, outerHTML, document.write, string-based setTimeout, insertAdjacentHTML) without proper sanitization or encoding \u2014 enabling DOM-based cross-site scripting.</p> <p>Generated by OWASP PTK SAST Module</p> Disallow insertAdjacentHTML() /docs/alerts/220000-7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220000-7/ <p>Detects cases where untrusted data from the DOM (URL, element values, storage, messages, etc.) flows into HTML/JS execution sinks (e.g., innerHTML, outerHTML, document.write, string-based setTimeout, insertAdjacentHTML) without proper sanitization or encoding \u2014 enabling DOM-based cross-site scripting.</p> <p>Generated by OWASP PTK SAST Module</p> DOM Data Manipulation /docs/alerts/220010/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220010/ DOM link and attribute navigation sinks /docs/alerts/210014/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210014/ DOM parser and unsafe HTML sinks /docs/alerts/210016/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210016/ DOM URL-based navigation sinks /docs/alerts/210015/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210015/ DOM XSS from secondary client-side sources /docs/alerts/210017/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210017/ DOM XSS sinks /docs/alerts/210000/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210000/ DOM XSS via document.write /docs/alerts/210000-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210000-5/ <p>Tainted data passed to document.write.</p> <p>Generated by OWASP PTK IAST Module</p> DOM XSS via document.write (secondary sources) /docs/alerts/210017-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210017-4/ <p>Persisted/reflected client-side values reached document.write.</p> <p>Generated by OWASP PTK IAST Module</p> DOM XSS via DOM mutation (secondary sources) /docs/alerts/210017-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210017-6/ <p>Persisted/reflected client-side values reached mutation sinks.</p> <p>Generated by OWASP PTK IAST Module</p> DOM XSS via DOM mutations /docs/alerts/210000-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210000-6/ <p>Tainted data inserted into the DOM via DOM mutation APIs.</p> <p>Generated by OWASP PTK IAST Module</p> DOM XSS via DOMParser.parseFromString /docs/alerts/210016-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210016-1/ <p>Tainted HTML parsed through DOMParser.parseFromString with an HTML-like MIME type.</p> <p>Generated by OWASP PTK IAST Module</p> DOM XSS via Element.innerHTML /docs/alerts/210000-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210000-2/ <p>Tainted data assigned to innerHTML (possible DOM XSS).</p> <p>Generated by OWASP PTK IAST Module</p> DOM XSS via Element.outerHTML /docs/alerts/210000-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210000-3/ <p>Tainted data assigned to outerHTML (possible DOM XSS).</p> <p>Generated by OWASP PTK IAST Module</p> DOM XSS via Element.setHTMLUnsafe /docs/alerts/210016-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210016-3/ <p>Tainted HTML passed to Element.setHTMLUnsafe.</p> <p>Generated by OWASP PTK IAST Module</p> DOM XSS via iframe.srcdoc (secondary sources) /docs/alerts/210017-7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210017-7/ <p>Persisted/reflected client-side values reached iframe.srcdoc.</p> <p>Generated by OWASP PTK IAST Module</p> DOM XSS via inline event handler /docs/alerts/210000-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210000-1/ <p>Tainted data flowed into an inline event handler.</p> <p>Generated by OWASP PTK IAST Module</p> DOM XSS via inline handlers (secondary sources) /docs/alerts/210017-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210017-5/ <p>Persisted/reflected client-side values reached inline event handlers.</p> <p>Generated by OWASP PTK IAST Module</p> DOM XSS via innerHTML (Angular) /docs/alerts/220000-9/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220000-9/ <p>Detects cases where untrusted data from the DOM (URL, element values, storage, messages, etc.) flows into HTML/JS execution sinks (e.g., innerHTML, outerHTML, document.write, string-based setTimeout, insertAdjacentHTML) without proper sanitization or encoding \u2014 enabling DOM-based cross-site scripting.</p> <p>Generated by OWASP PTK SAST Module</p> DOM XSS via innerHTML (secondary sources) /docs/alerts/210017-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210017-1/ <p>Persisted/reflected client-side values reached innerHTML.</p> <p>Generated by OWASP PTK IAST Module</p> DOM XSS via insertAdjacentHTML /docs/alerts/210000-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210000-4/ <p>Tainted HTML passed into insertAdjacentHTML.</p> <p>Generated by OWASP PTK IAST Module</p> DOM XSS via insertAdjacentHTML (secondary sources) /docs/alerts/210017-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210017-3/ <p>Persisted/reflected client-side values reached insertAdjacentHTML.</p> <p>Generated by OWASP PTK IAST Module</p> DOM XSS via outerHTML (secondary sources) /docs/alerts/210017-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210017-2/ <p>Persisted/reflected client-side values reached outerHTML.</p> <p>Generated by OWASP PTK IAST Module</p> DOM XSS via query param attribute breakout /docs/alerts/200022-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200022-2/ <p>Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.</p> <p>Generated by OWASP PTK DAST Module</p> DOM XSS via query param attribute-name event injection /docs/alerts/200022-11/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200022-11/ <p>Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.</p> <p>Generated by OWASP PTK DAST Module</p> DOM XSS via query param double-quoted attribute event breakout /docs/alerts/200022-12/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200022-12/ <p>Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.</p> <p>Generated by OWASP PTK DAST Module</p> DOM XSS via query param double-quoted resource onerror breakout /docs/alerts/200022-13/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200022-13/ <p>Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.</p> <p>Generated by OWASP PTK DAST Module</p> DOM XSS via query param event-handler value /docs/alerts/200022-10/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200022-10/ <p>Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.</p> <p>Generated by OWASP PTK DAST Module</p> DOM XSS via query param HTML image onerror /docs/alerts/200022-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200022-1/ <p>Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.</p> <p>Generated by OWASP PTK DAST Module</p> DOM XSS via query param javascript: URL /docs/alerts/200022-17/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200022-17/ <p>Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.</p> <p>Generated by OWASP PTK DAST Module</p> DOM XSS via query param JS block-comment breakout /docs/alerts/200022-8/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200022-8/ <p>Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.</p> <p>Generated by OWASP PTK DAST Module</p> DOM XSS via query param JS double-quote breakout /docs/alerts/200022-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200022-3/ <p>Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.</p> <p>Generated by OWASP PTK DAST Module</p> DOM XSS via query param JS expression execution /docs/alerts/200022-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200022-6/ <p>Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.</p> <p>Generated by OWASP PTK DAST Module</p> DOM XSS via query param JS regex breakout /docs/alerts/200022-7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200022-7/ <p>Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.</p> <p>Generated by OWASP PTK DAST Module</p> DOM XSS via query param JS single-quote breakout /docs/alerts/200022-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200022-4/ <p>Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.</p> <p>Generated by OWASP PTK DAST Module</p> DOM XSS via query param JS template literal breakout /docs/alerts/200022-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200022-5/ <p>Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.</p> <p>Generated by OWASP PTK DAST Module</p> DOM XSS via query param script-tag breakout /docs/alerts/200022-9/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200022-9/ <p>Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.</p> <p>Generated by OWASP PTK DAST Module</p> DOM XSS via query param single-quoted attribute event breakout /docs/alerts/200022-14/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200022-14/ <p>Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.</p> <p>Generated by OWASP PTK DAST Module</p> DOM XSS via query param style-block breakout /docs/alerts/200022-18/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200022-18/ <p>Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.</p> <p>Generated by OWASP PTK DAST Module</p> DOM XSS via query param SVG tag-name event injection /docs/alerts/200022-16/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200022-16/ <p>Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.</p> <p>Generated by OWASP PTK DAST Module</p> DOM XSS via query param unquoted attribute event injection /docs/alerts/200022-15/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200022-15/ <p>Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.</p> <p>Generated by OWASP PTK DAST Module</p> DOM XSS via Range.createContextualFragment /docs/alerts/210016-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210016-2/ <p>Tainted HTML passed to Range.createContextualFragment.</p> <p>Generated by OWASP PTK IAST Module</p> DOM XSS via ShadowRoot.setHTMLUnsafe /docs/alerts/210016-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210016-4/ <p>Tainted HTML passed to ShadowRoot.setHTMLUnsafe.</p> <p>Generated by OWASP PTK IAST Module</p> DOM-based Cookie Manipulation /docs/alerts/220001/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220001/ DOM-based Cookie Manipulation (taint flow) /docs/alerts/220001-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220001-2/ <p>Detects cases where attacker-controlled DOM data is written into cookies (document.cookie or common wrapper functions). Can indicate session fixation, logic control, or preparation for exploit-chains.</p> <p>Generated by OWASP PTK SAST Module</p> DOM-based JavaScript Injection /docs/alerts/220003/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220003/ DOM-based JavaScript Injection (taint flow) /docs/alerts/220003-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220003-5/ <p>Detects dynamic execution of attacker-controlled strings in JavaScript sinks such as eval(), Function(), string-based timers, execScript, or script.text assignments. Exploiting these flows lets attackers execute arbitrary JS without relying on HTML injection.</p> <p>Generated by OWASP PTK SAST Module</p> DOM-based Link Manipulation /docs/alerts/220009/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220009/ DOM-based Link Manipulation (taint flow) /docs/alerts/220009-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220009-2/ <p>Detects DOM code that rewrites link destinations (href attributes) with attacker-controlled data. Manipulated links can mislead users into visiting malicious targets even if navigation is not forced automatically.</p> <p>Generated by OWASP PTK SAST Module</p> DOM-based Open Redirection (taint flow) /docs/alerts/220002-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220002-3/ <p>Detects client-side code that can redirect users to attacker-controlled URLs (open redirects). Includes assignment/calls that control window/location/navigation, attr-based redirects, form actions and jQuery variants.</p> <p>Generated by OWASP PTK SAST Module</p> DOM-based XSS /docs/alerts/220000/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220000/ DOM-based XSS (taint flow) /docs/alerts/220000-8/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220000-8/ <p>Detects cases where untrusted data from the DOM (URL, element values, storage, messages, etc.) flows into HTML/JS execution sinks (e.g., innerHTML, outerHTML, document.write, string-based setTimeout, insertAdjacentHTML) without proper sanitization or encoding \u2014 enabling DOM-based cross-site scripting.</p> <p>Generated by OWASP PTK SAST Module</p> Dynamic ACAO without Vary: Origin /docs/alerts/200017-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200017-1/ <p>Adds passive CORS posture checks: missing Vary: Origin for dynamic ACAO, and permissive allowed headers/methods.</p> <p>Generated by OWASP PTK DAST Module</p> Dynamic AngularJS $compile/$interpolate template /docs/alerts/220004-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220004-4/ <p>Finds AngularJS code patterns where untrusted data is compiled or parsed as AngularJS expressions/templates, including $parse, $interpolate, $compile, interpolation delimiters and ng-* expression attributes.</p> <p>Generated by OWASP PTK SAST Module</p> Dynamic AngularJS $parse expression /docs/alerts/220004-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220004-3/ <p>Finds AngularJS code patterns where untrusted data is compiled or parsed as AngularJS expressions/templates, including $parse, $interpolate, $compile, interpolation delimiters and ng-* expression attributes.</p> <p>Generated by OWASP PTK SAST Module</p> Dynamic code execution via eval /docs/alerts/210001-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210001-1/ <p>Tainted string executed via eval().</p> <p>Generated by OWASP PTK IAST Module</p> Dynamic code execution via Function constructor /docs/alerts/210001-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210001-2/ <p>Tainted string executed via Function constructor.</p> <p>Generated by OWASP PTK IAST Module</p> Dynamic code execution via Function.apply /docs/alerts/210001-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210001-3/ <p>Tainted string executed via Function.apply.</p> <p>Generated by OWASP PTK IAST Module</p> Dynamic JS execution /docs/alerts/210001/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210001/ Dynamic template compilation /docs/alerts/220005-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220005-1/ <p>Detects dynamic client-side template compilation/rendering where attacker-controlled templates or outputs are injected into the DOM.</p> <p>Generated by OWASP PTK SAST Module</p> ELMAH Information Leak /docs/alerts/40028/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40028/ <p>The Error Logging Modules and Handlers (ELMAH [elmah.axd]) HTTP Module was found to be available. This module can leak a significant amount of valuable information.</p> Email address found in WebSocket message /docs/alerts/110004/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/110004/ <p>An email address was found in a WebSocket Message.</p> Emails Found in the Viewstate /docs/alerts/10032-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10032-2/ <p>Email addresses were found being serialized in the viewstate field.</p> Environment hints (dev/staging/test) in response /docs/alerts/200016-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200016-3/ <p>Detects internal hostnames/IPs and environment hints (staging/dev/local) disclosed in observed responses.</p> <p>Generated by OWASP PTK DAST Module</p> Environment/config file observed /docs/alerts/200019-7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200019-7/ <p>Flags high-value endpoint patterns observed in traffic (admin panels, debug endpoints, consoles, and backup/config file paths).</p> <p>Generated by OWASP PTK DAST Module</p> eval() from storage/referrer taint /docs/alerts/210018-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210018-1/ <p>Storage/referrer taint reached eval().</p> <p>Generated by OWASP PTK IAST Module</p> Exfiltration via fetch headers /docs/alerts/210013-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210013-2/ <p>Tainted data sent in fetch() headers (e.g. Authorization, custom tokens).</p> <p>Generated by OWASP PTK IAST Module</p> Exfiltration via fetch URL /docs/alerts/210013-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210013-1/ <p>Tainted data used in fetch() URL, potentially exfiltrating sensitive information.</p> <p>Generated by OWASP PTK IAST Module</p> Exfiltration via image.src beacon /docs/alerts/210013-7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210013-7/ <p>Tainted data embedded into image src URL for beacon-style exfiltration.</p> <p>Generated by OWASP PTK IAST Module</p> Exfiltration via navigator.sendBeacon /docs/alerts/210013-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210013-6/ <p>Tainted data sent via navigator.sendBeacon().</p> <p>Generated by OWASP PTK IAST Module</p> Exfiltration via XMLHttpRequest body /docs/alerts/210013-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210013-4/ <p>Tainted data sent in XMLHttpRequest.send() body.</p> <p>Generated by OWASP PTK IAST Module</p> Exfiltration via XMLHttpRequest headers /docs/alerts/210013-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210013-5/ <p>Tainted data sent in XMLHttpRequest.setRequestHeader() values.</p> <p>Generated by OWASP PTK IAST Module</p> Exfiltration via XMLHttpRequest URL /docs/alerts/210013-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210013-3/ <p>Tainted data used in XMLHttpRequest.open() URL.</p> <p>Generated by OWASP PTK IAST Module</p> Expect-CT is deprecated /docs/alerts/200005-12/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200005-12/ <p>The OWASP Secure Headers Project describes HTTP response headers that your application can use to increase the security of your application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities.</p> <p>Generated by OWASP PTK DAST Module</p> Exponential Entity Expansion (Billion Laughs Attack) /docs/alerts/40044/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40044/ <p>An exponential entity expansion, or “billion laughs” attack is a type of denial-of-service (DoS) attack. It is aimed at parsers of markup languages like XML or YAML that allow macro expansions.</p> Exposed Secrets in Swagger/OpenAPI Path /docs/alerts/100043-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100043-2/ <p>Swagger UI endpoint exposes sensitive secrets such as client secrets, API keys, or OAuth tokens. These secrets may be accessible in the HTML source and should not be exposed publicly, as this can lead to compromise.</p> Exposed Session ID /docs/alerts/40013-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40013-5/ <p>A session id is exposed in the URL. By sharing such a website URL (containing the session id), a naive user may be inadvertently granting access to their data, compromising its confidentiality, integrity, and availability. URLs containing the session identifier also appear in web browser bookmarks, web server log files, and proxy server log files.</p> Exposure of Git repository /docs/alerts/200004-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200004-1/ <p>Version control repositories such as CVS or git store version-specific metadata and other details within subdirectories. If these subdirectories are stored on a web server or added to an archive, then these could be used by an attacker. This information may include usernames, filenames, path root, IP addresses, and detailed ‘diff’ data about how files have been changed - which could reveal source code snippets that were never intended to be made public..</p> Exposure of Mercurial repository /docs/alerts/200004-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200004-3/ <p>Version control repositories such as CVS or git store version-specific metadata and other details within subdirectories. If these subdirectories are stored on a web server or added to an archive, then these could be used by an attacker. This information may include usernames, filenames, path root, IP addresses, and detailed ‘diff’ data about how files have been changed - which could reveal source code snippets that were never intended to be made public..</p> Exposure of SVN repository /docs/alerts/200004-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200004-2/ <p>Version control repositories such as CVS or git store version-specific metadata and other details within subdirectories. If these subdirectories are stored on a web server or added to an archive, then these could be used by an attacker. This information may include usernames, filenames, path root, IP addresses, and detailed ‘diff’ data about how files have been changed - which could reveal source code snippets that were never intended to be made public..</p> Exposure of Version-Control Repository /docs/alerts/200004/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200004/ Expression Language Injection /docs/alerts/90025/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90025/ <p>The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed. In certain versions of Spring 3.0.5 and earlier, there was a vulnerability (CVE-2011-2730) in which Expression Language tags would be evaluated twice, which effectively exposed any application to EL injection. However, even for later versions, this weakness is still possible depending on configuration.</p> ExtensionGraphQl /docs/alerts/50007/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/50007/ External Redirect /docs/alerts/20019-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20019-1/ <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> External Redirect /docs/alerts/20019-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20019-2/ <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> External Redirect /docs/alerts/20019-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20019-3/ <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> External Redirect /docs/alerts/20019-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20019-4/ <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> External Redirect /docs/alerts/20019/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20019/ Fetch Metadata Request Headers /docs/alerts/90005/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90005/ File Content Disclosure (CVE-2019-5418) /docs/alerts/100029/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100029/ <p>The application seems to be subject to CVE-2019-5418. By sending a specially crafted request it was possible to have the target return data from the server file system.</p> File Upload /docs/alerts/40041/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40041/ <p>File Upload scan rule is used to scan the vulnerabilities in the File Upload functionality of web applications.</p> File/path candidate parameter /docs/alerts/200015-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200015-3/ <p>Flags request parameters and JSON keys commonly associated with high-impact findings (open redirect, SSRF, IDOR, file/path traversal).</p> <p>Generated by OWASP PTK DAST Module</p> Firebase config exposed /docs/alerts/200011-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200011-6/ <p>Flags secret-like tokens and exposed configuration values in observed HTML/JS/JSON responses. These are recon leads; validate sensitivity before reporting.</p> <p>Generated by OWASP PTK DAST Module</p> Form action manipulated by tainted route or body input /docs/alerts/210005-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210005-1/ <p>Tainted route, body, or messaging value changed form action.</p> <p>Generated by OWASP PTK IAST Module</p> Form action manipulated from tainted source /docs/alerts/210019-7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210019-7/ <p>Tainted value assigned to form action.</p> <p>Generated by OWASP PTK IAST Module</p> Form submission target hijack /docs/alerts/210005/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210005/ formAction manipulated by tainted route or body input /docs/alerts/210005-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210005-2/ <p>Tainted route, body, or messaging value changed formAction.</p> <p>Generated by OWASP PTK IAST Module</p> Format String Error /docs/alerts/30002/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/30002/ <p>A Format String error occurs when the submitted data of an input string is evaluated as a command by the application.</p> Full Path Disclosure /docs/alerts/110009/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/110009/ <p>The full path of files which might be sensitive has been exposed to the client.</p> Function.apply() from storage/referrer taint /docs/alerts/210018-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210018-3/ <p>Storage/referrer taint reached Function.apply().</p> <p>Generated by OWASP PTK IAST Module</p> Function() from storage/referrer taint /docs/alerts/210018-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210018-2/ <p>Storage/referrer taint reached Function constructor.</p> <p>Generated by OWASP PTK IAST Module</p> Generic Padding Oracle /docs/alerts/90024/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90024/ <p>By manipulating the padding on an encrypted string, an attacker is able to generate an error message that indicates a likely ‘padding oracle’ vulnerability. Such a vulnerability can affect any application or framework that uses encryption improperly, such as some versions of ASP.net, Java Server Faces, and Mono. An attacker may exploit this issue to decrypt data and recover encryption keys, potentially viewing and modifying confidential data. This rule should detect the MS10-070 padding oracle vulnerability in ASP.net if CustomErrors are enabled for that.</p> GET for POST /docs/alerts/10058/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10058/ <p>A request that was originally observed as a POST was also accepted as a GET. This issue does not represent a security weakness unto itself, however, it may facilitate simplification of other attacks. For example if the original POST is subject to Cross-Site Scripting (XSS), then this finding may indicate that a simplified (GET based) XSS may also be possible.</p> GitHub token pattern /docs/alerts/200011-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200011-4/ <p>Flags secret-like tokens and exposed configuration values in observed HTML/JS/JSON responses. These are recon leads; validate sensitivity before reporting.</p> <p>Generated by OWASP PTK DAST Module</p> Google API key pattern /docs/alerts/200011-9/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200011-9/ <p>Flags secret-like tokens and exposed configuration values in observed HTML/JS/JSON responses. These are recon leads; validate sensitivity before reporting.</p> <p>Generated by OWASP PTK DAST Module</p> GraphiQL / GraphQL Playground detected /docs/alerts/200012-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200012-5/ <p>Detects exposure of API documentation, specs, and interactive consoles observed in traffic.</p> <p>Generated by OWASP PTK DAST Module</p> GraphQL Circular Type Reference /docs/alerts/50007-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/50007-3/ <p>A circular reference was detected in the GraphQL schema, where object types reference each other in a cycle. This can be exploited by attackers to craft deeply recursive queries, potentially leading to Denial of Service (DoS) conditions.</p> GraphQL endpoint observed /docs/alerts/200012-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200012-4/ <p>Detects exposure of API documentation, specs, and interactive consoles observed in traffic.</p> <p>Generated by OWASP PTK DAST Module</p> GraphQL Endpoint Supports Introspection /docs/alerts/50007-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/50007-1/ <p>The GraphQL endpoint has Introspection enabled. Introspection allows clients to query the schema and retrieve detailed information about the fields, types, inputs, etc. supported by the GraphQL endpoint. This may be valuable to an attacker, as it could enable them to craft more targeted queries.</p> GraphQL path observed /docs/alerts/200019-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200019-5/ <p>Flags high-value endpoint patterns observed in traffic (admin panels, debug endpoints, consoles, and backup/config file paths).</p> <p>Generated by OWASP PTK DAST Module</p> GraphQL Server Implementation Identified /docs/alerts/50007-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/50007-2/ <p>The server is using “Example GraphQL Engine”, which is a GraphQL implementation for “Example Technology 1” and “Example Technology 2”.</p> Hash Disclosure /docs/alerts/10097/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10097/ Hash Disclosure - BCrypt /docs/alerts/10097-7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10097-7/ <p>A hash was disclosed by the web server. - BCrypt</p> Hash Disclosure - Kerberos AFS DES /docs/alerts/10097-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10097-2/ <p>A hash was disclosed by the web server. - Kerberos AFS DES</p> Hash Disclosure - LanMan /docs/alerts/10097-15/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10097-15/ <p>A hash was disclosed by the web server. - LanMan</p> Hash Disclosure - LanMan / DES /docs/alerts/10097-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10097-1/ <p>A hash was disclosed by the web server. - LanMan / DES</p> Hash Disclosure - MD4 / MD5 /docs/alerts/10097-16/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10097-16/ <p>A hash was disclosed by the web server. - MD4 / MD5</p> Hash Disclosure - MD5 Crypt /docs/alerts/10097-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10097-4/ <p>A hash was disclosed by the web server. - MD5 Crypt</p> Hash Disclosure - NTLM /docs/alerts/10097-8/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10097-8/ <p>A hash was disclosed by the web server. - NTLM</p> Hash Disclosure - OpenBSD Blowfish /docs/alerts/10097-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10097-3/ <p>A hash was disclosed by the web server. - OpenBSD Blowfish</p> Hash Disclosure - Salted SHA-1 /docs/alerts/10097-9/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10097-9/ <p>A hash was disclosed by the web server. - Salted SHA-1</p> Hash Disclosure - SHA-1 /docs/alerts/10097-14/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10097-14/ <p>A hash was disclosed by the web server. - SHA-1</p> Hash Disclosure - SHA-224 /docs/alerts/10097-13/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10097-13/ <p>A hash was disclosed by the web server. - SHA-224</p> Hash Disclosure - SHA-256 /docs/alerts/10097-12/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10097-12/ <p>A hash was disclosed by the web server. - SHA-256</p> Hash Disclosure - SHA-256 Crypt /docs/alerts/10097-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10097-5/ <p>A hash was disclosed by the web server. - SHA-256 Crypt</p> Hash Disclosure - SHA-384 /docs/alerts/10097-11/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10097-11/ <p>A hash was disclosed by the web server. - SHA-384</p> Hash Disclosure - SHA-512 /docs/alerts/10097-10/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10097-10/ <p>A hash was disclosed by the web server. - SHA-512</p> Hash Disclosure - SHA-512 Crypt /docs/alerts/10097-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10097-6/ <p>A hash was disclosed by the web server. - SHA-512 Crypt</p> Heartbleed OpenSSL Vulnerability /docs/alerts/20015/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20015/ <p>The TLS implementation in OpenSSL 1.0.1 before 1.0.1g does not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, potentially disclosing sensitive information.</p> Heartbleed OpenSSL Vulnerability (Indicative) /docs/alerts/10034/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10034/ <p>The TLS and DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, potentially disclosing sensitive information.</p> Hidden File Found /docs/alerts/40035/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40035/ <p>A sensitive file was identified as accessible or available. This may leak administrative, configuration, or credential information which can be leveraged by a malicious individual to further attack the system or conduct social engineering efforts.</p> HSTS max-age too low or missing includeSubDomains /docs/alerts/200005-7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200005-7/ <p>The OWASP Secure Headers Project describes HTTP response headers that your application can use to increase the security of your application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities.</p> <p>Generated by OWASP PTK DAST Module</p> HTML references .map files /docs/alerts/200009-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200009-2/ <p>Detects source map references and common debug artifacts in observed HTML/JS responses. These are high-value recon leads for code disclosure and hidden endpoints.</p> <p>Generated by OWASP PTK DAST Module</p> HTTP Only Site /docs/alerts/10106/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10106/ <p>The site is only served under HTTP and not HTTPS.</p> HTTP Parameter Override /docs/alerts/10026/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10026/ <p>Unspecified form action: HTTP parameter override attack potentially possible. This is a known problem with Java Servlets but other platforms may also be vulnerable.</p> HTTP Parameter Pollution /docs/alerts/20014/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20014/ <p>HTTP Parameter Pollution (HPP) attacks consist of injecting encoded query string delimiters into other existing parameters. If a web application does not properly sanitize the user input, a malicious user can compromise the logic of the application to perform either client-side or server-side attacks. One consequence of HPP attacks is that the attacker can potentially override existing hard-coded HTTP parameters to modify the behavior of an application, bypass input validation checkpoints, and access and possibly exploit variables that may be out of direct reach.</p> HTTP Server Response Header /docs/alerts/10036/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10036/ HTTP to HTTPS Insecure Transition in Form Post /docs/alerts/10041/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10041/ <p>This check looks for insecure HTTP pages that host HTTPS forms. The issue is that an insecure HTTP page can easily be hijacked through MITM and the secure HTTPS form can be replaced or spoofed.</p> Httpoxy - Proxy Header Misuse /docs/alerts/10107/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10107/ <p>The server initiated a proxied request via the proxy specified in the HTTP Proxy header of the request.Httpoxy typically affects code running in CGI or CGI like environments. This may allow attackers to:</p> <ul> <li>Proxy the outgoing HTTP requests made by the web application</li> <li>Direct the server to open outgoing connections to an address and port of their choosing or</li> <li>Tie up server resources by forcing the vulnerable software to use a malicious proxy.</li> </ul> HTTPS Configuration /docs/alerts/10205-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10205-1/ <p>Performs HTTPS configuration analysis including certificate details and supported cipher suites.</p> HTTPS Configuration /docs/alerts/10205/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10205/ HTTPS Content Available via HTTP /docs/alerts/10047/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10047/ <p>Content which was initially accessed via HTTPS (i.e.: using SSL/TLS encryption) is also accessible via HTTP (without encryption).</p> HTTPS Security Configuration Issues /docs/alerts/10205-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10205-2/ <p>The HTTPS configuration has one or more security issues identified by the TLS risk assessment.</p> HTTPS to HTTP Insecure Transition in Form Post /docs/alerts/10042/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10042/ <p>This check identifies secure HTTPS pages that host insecure HTTP forms. The issue is that a secure page is transitioning to an insecure page when data is uploaded through a form. The user may think they’re submitting data to a secure page when in fact they are not.</p> HUNT Methodology /docs/alerts/100015/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100015/ <p>Find possible vulnerable entry points using HUNT Methodology (<a href="https://github.com/bugcrowd/HUNT)">https://github.com/bugcrowd/HUNT)</a>.</p> IDOR candidate parameter /docs/alerts/200015-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200015-4/ <p>Flags request parameters and JSON keys commonly associated with high-impact findings (open redirect, SSRF, IDOR, file/path traversal).</p> <p>Generated by OWASP PTK DAST Module</p> IFrame content injection via srcdoc /docs/alerts/210012-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210012-2/ <p>Tainted HTML assigned to iframe.srcdoc, enabling DOM-based XSS inside the frame.</p> <p>Generated by OWASP PTK IAST Module</p> IFrame navigation and content sinks /docs/alerts/210012/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210012/ IFrame navigation via src /docs/alerts/210012-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210012-1/ <p>Tainted URL assigned to iframe.src, causing navigation to untrusted content.</p> <p>Generated by OWASP PTK IAST Module</p> Image Exposes Location or Privacy Data /docs/alerts/10103/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10103/ <p>The image was found to contain embedded location information, such as GPS coordinates, or another privacy exposure, such as camera serial number. Depending on the context of the image in the website, this information may expose private details of the users of a site. For example, a site that allows users to upload profile pictures taken in the home may expose the home’s address.</p> In Page Banner Information Leak /docs/alerts/10009/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10009/ <p>The server returned a version banner string in the response content. Such information leaks may allow attackers to further target specific issues impacting the product and version in use.</p> Information Disclosure - Amazon S3 Bucket URL /docs/alerts/100036/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100036/ <p>An Amazon S3 bucket URL was found in the HTTP response body.</p> Information Disclosure - Base64-encoded String /docs/alerts/100007/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100007/ <p>A Base64-encoded string has been found in the HTTP response body. Base64-encoded data may contain sensitive information such as usernames, passwords or cookies which should be further inspected.</p> Information Disclosure - Credit Card Number /docs/alerts/100008/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100008/ <p>A credit card number was found in the HTTP response body.</p> Information Disclosure - Debug Error Messages /docs/alerts/10023/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10023/ <p>The response appeared to contain common error messages returned by platforms such as ASP.NET, and Web-servers such as IIS and Apache. You can configure the list of common debug messages.</p> Information Disclosure - Debug Error Messages via WebSocket /docs/alerts/110003/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/110003/ <p>The response appeared to contain common error messages returned by platforms such as ASP.NET, and Web-servers such as IIS and Apache. You can configure the list of common debug messages.</p> Information Disclosure - Email Addresses /docs/alerts/100009/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100009/ <p>An email address was found in the HTTP response body. Exposure of email addresses in HTTP messages can lead to privacy violations and targeted phishing attacks.</p> Information Disclosure - Google API Key /docs/alerts/100034/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100034/ <p>A Google API Key was found in the HTTP response body.</p> Information Disclosure - Hash /docs/alerts/100010/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100010/ <p>A hash was discovered in the HTTP response body.</p> Information Disclosure - HTML Comments /docs/alerts/100011/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100011/ <p>While adding general comments is very useful, some programmers tend to leave important data, such as: filenames related to the web application, old links or links which were not meant to be browsed by users, old code fragments, etc.</p> Information Disclosure - IBAN Numbers /docs/alerts/100012/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100012/ <p>An IBAN number was discovered in the HTTP response body.</p> Information Disclosure - Information in Browser localStorage /docs/alerts/120000-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/120000-1/ <p>Information was stored in browser localStorage. This is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.</p> Information Disclosure - Information in Browser sessionStorage /docs/alerts/120000-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/120000-2/ <p>Information was stored in browser sessionStorage. This is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.</p> Information Disclosure - Information in Browser Storage /docs/alerts/120000/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/120000/ Information Disclosure - IP Exposed via F5 BIG-IP Persistence Cookie /docs/alerts/100006/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100006/ <p>The F5 BIG-IP Persistence cookie set for this website can be decoded to a specific IP and port. An attacker may leverage this information to conduct Social Engineering attacks or other exploits.</p> Information Disclosure - Java Stack Trace /docs/alerts/100035/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100035/ <p>A Java stack trace was found in the HTTP response body.</p> Information Disclosure - JWT in Browser localStorage /docs/alerts/120002-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/120002-1/ <p>JWT was stored in browser localStorage. This is dangerous because data stored in localStorage does not expire. .</p> Information Disclosure - JWT in Browser sessionStorage /docs/alerts/120002-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/120002-2/ <p>JWT was stored in browser sessionStorage. This is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.</p> Information Disclosure - JWT in Browser Storage /docs/alerts/120002/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/120002/ Information Disclosure - Private IP Address /docs/alerts/100013/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100013/ <p>A private IP such as 10.x.x.x, 172.x.x.x, 192.168.x.x or IPV6 fe00:: has been found in the HTTP response body. This information might be helpful for further attacks targeting internal systems.</p> Information Disclosure - Sensitive Information in Browser localStorage /docs/alerts/120001-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/120001-1/ <p>Sensitive Information appears to have been stored in browser localStorage. This can violate PCI and most organizational compliance policies. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.</p> Information Disclosure - Sensitive Information in Browser sessionStorage /docs/alerts/120001-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/120001-2/ <p>Sensitive Information appears to have been stored in browser sessionStorage. This can violate PCI and most organizational compliance policies. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.</p> Information Disclosure - Sensitive Information in Browser Storage /docs/alerts/120001/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/120001/ Information Disclosure - Sensitive Information in HTTP Referrer Header /docs/alerts/10025/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10025/ <p>The HTTP header may have leaked a potentially sensitive parameter to another domain. This can violate PCI and most organizational compliance policies. You can configure the list of strings for this check to add or remove values specific to your environment.</p> Information Disclosure - Sensitive Information in URL /docs/alerts/10024/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10024/ <p>The request appeared to contain sensitive information leaked in the URL. This can violate PCI and most organizational compliance policies. You can configure the list of strings for this check to add or remove values specific to your environment.</p> Information Disclosure - Server Header /docs/alerts/100019/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100019/ <p>The web/application server is leaking version information via the ‘Server’ HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.</p> Information Disclosure - SQL Error /docs/alerts/100020/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100020/ <p>An SQL error was found in the HTTP response body.</p> Information Disclosure - Suspicious Comments /docs/alerts/10027/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10027/ <p>The response appears to contain suspicious comments which may help an attacker.</p> Information Disclosure - Suspicious Comments in XML via WebSocket /docs/alerts/110008/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/110008/ <p>The response appears to contain suspicious comments which may help an attacker.</p> Information Disclosure - X-Powered-By Header /docs/alerts/100023/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100023/ <p>The web/application server is leaking information via one or more ‘X-Powered-By’ HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.</p> Inline event handler built from dynamic data /docs/alerts/220000-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220000-6/ <p>Detects cases where untrusted data from the DOM (URL, element values, storage, messages, etc.) flows into HTML/JS execution sinks (e.g., innerHTML, outerHTML, document.write, string-based setTimeout, insertAdjacentHTML) without proper sanitization or encoding \u2014 enabling DOM-based cross-site scripting.</p> <p>Generated by OWASP PTK SAST Module</p> Insecure HTTP Method /docs/alerts/90028/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90028/ Insecure HTTP Method - CONNECT /docs/alerts/90028-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90028-4/ <p>The insecure HTTP method [CONNECT] is enabled for this resource, and is exploitable. It was found to be possible to establish a tunneled socket connection to a third party service, using this HTTP method. This would allow the service to be used as an anonymous spam relay, or as a web proxy, bypassing network restrictions. It also allows it to be used to establish a tunneled VPN, effectively extending the network perimeter to include untrusted components.</p> Insecure HTTP Method - DELETE /docs/alerts/90028-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90028-1/ <p>The insecure HTTP method [DELETE] is enabled on the web server for this resource. Depending on the web server configuration, and the underlying implementation responsible for serving the resource, this might or might not be exploitable. The TRACK and TRACE methods may be used by an attacker, to gain access to the authorisation token/session cookie of an application user, even if the session cookie is protected using the HttpOnly flag. For the attack to be successful, the application user must typically be using an older web browser, or a web browser which has a Same Origin Policy (SOP) bypass vulnerability. The CONNECT method can be used by a web client to create an HTTP tunnel to third party websites or services.</p> Insecure HTTP Method - PROPFIND /docs/alerts/90028-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90028-5/ <p>This HTTP method is a WEBDAV method: PROPFIND. If this server is not offering any WEBDAV services, these methods should not be available.</p> Insecure HTTP Method - PUT /docs/alerts/90028-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90028-2/ <p>The insecure HTTP method [PUT] is enabled on the web server for this resource. Depending on the web server configuration, and the underlying implementation responsible for serving the resource, this might or might not be exploitable. The TRACK and TRACE methods may be used by an attacker, to gain access to the authorisation token/session cookie of an application user, even if the session cookie is protected using the HttpOnly flag. For the attack to be successful, the application user must typically be using an older web browser, or a web browser which has a Same Origin Policy (SOP) bypass vulnerability. The CONNECT method can be used by a web client to create an HTTP tunnel to third party websites or services.</p> Insecure HTTP Method - PUT /docs/alerts/90028-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90028-6/ <p>This method was originally intended for file management operations. It is now most commonly used in REST services, PUT is most-often utilized for <strong>update</strong> capabilities, PUT-ing to a known resource URI with the request body containing the newly-updated representation of the original resource.</p> Insecure HTTP Method - TRACE /docs/alerts/90028-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90028-3/ <p>The insecure HTTP method [TRACE] is enabled for this resource, and is exploitable. The TRACK and TRACE methods may be used by an attacker, to gain access to the authorisation token/session cookie of an application user, even if the session cookie is protected using the HttpOnly flag. For the attack to be successful, the application user must typically be using an older web browser, or a web browser which has a Same Origin Policy (SOP) bypass vulnerability.</p> Insecure JSF ViewState /docs/alerts/90001/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90001/ <p>The response at the following URL contains a ViewState value that has no cryptographic protections.</p> Insufficient Site Isolation Against Spectre Vulnerability /docs/alerts/90004/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90004/ Integer Overflow Error /docs/alerts/30003/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/30003/ <p>An integer overflow condition exists when an integer used in a compiled program extends beyond the range limits and has not been properly checked from the input stream.</p> Internal file path disclosure /docs/alerts/200010-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200010-6/ <p>Detects common framework stack traces, error pages, and path disclosures in observed responses.</p> <p>Generated by OWASP PTK DAST Module</p> Internal IP address leaked in response /docs/alerts/200016-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200016-1/ <p>Detects internal hostnames/IPs and environment hints (staging/dev/local) disclosed in observed responses.</p> <p>Generated by OWASP PTK DAST Module</p> Java Serialization Object /docs/alerts/90002/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90002/ <p>Java Serialization seems to be in use. If not correctly validated, an attacker can send a specially crafted object. This can lead to a dangerous “Remote Code Execution”. A magic sequence identifying JSO has been detected (Base64: rO0AB, Raw: 0xac, 0xed, 0x00, 0x05).</p> Java stack trace /docs/alerts/200010-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200010-2/ <p>Detects common framework stack traces, error pages, and path disclosures in observed responses.</p> <p>Generated by OWASP PTK DAST Module</p> JavaScript includes sourceMappingURL /docs/alerts/200009-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200009-1/ <p>Detects source map references and common debug artifacts in observed HTML/JS responses. These are high-value recon leads for code disclosure and hidden endpoints.</p> <p>Generated by OWASP PTK DAST Module</p> javascript: URL assigned to form action /docs/alerts/210006-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210006-1/ <p>Tainted javascript: URL assigned to form action.</p> <p>Generated by OWASP PTK IAST Module</p> javascript: URL assigned to formAction /docs/alerts/210006-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210006-2/ <p>Tainted javascript: URL assigned to formAction.</p> <p>Generated by OWASP PTK IAST Module</p> javascript: URL assigned to href /docs/alerts/210003-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210003-1/ <p>Tainted javascript: URL assigned to href and likely to execute in the current browsing context.</p> <p>Generated by OWASP PTK IAST Module</p> javascript: URL assigned to iframe.src /docs/alerts/210003-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210003-3/ <p>Tainted javascript: URL assigned to iframe.src.</p> <p>Generated by OWASP PTK IAST Module</p> javascript: URL assigned to src /docs/alerts/210003-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210003-6/ <p>Tainted javascript: URL assigned to a generic src attribute and interpreted as executable content.</p> <p>Generated by OWASP PTK IAST Module</p> javascript: URL navigated via location.assign /docs/alerts/210003-9/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210003-9/ <p>Tainted javascript: URL passed to location.assign.</p> <p>Generated by OWASP PTK IAST Module</p> javascript: URL navigated via location.href /docs/alerts/210003-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210003-2/ <p>Tainted javascript: URL assigned to location.href.</p> <p>Generated by OWASP PTK IAST Module</p> javascript: URL navigated via location.replace /docs/alerts/210003-11/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210003-11/ <p>Tainted javascript: URL passed to location.replace.</p> <p>Generated by OWASP PTK IAST Module</p> javascript: URL opened via window.open /docs/alerts/210003-13/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210003-13/ <p>Tainted javascript: URL passed to window.open.</p> <p>Generated by OWASP PTK IAST Module</p> JSONP callback parameter controls JavaScript response /docs/alerts/200024/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200024/ <p>Tests callback-like parameters for JSONP-style JavaScript responses where user input controls the executed callback name.</p> <p>Generated by OWASP PTK DAST Module</p> JWT None Algorithm (Authorization header) /docs/alerts/200003-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200003-6/ <p>This attack occurs when an attacker alters the token and changes the hashing algorithm to indicate, through the none keyword, that the integrity of the token has already been verified</p> <p>Generated by OWASP PTK DAST Module</p> JWT None Algorithm (Cookie) /docs/alerts/200003-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200003-4/ <p>This attack occurs when an attacker alters the token and changes the hashing algorithm to indicate, through the none keyword, that the integrity of the token has already been verified</p> <p>Generated by OWASP PTK DAST Module</p> JWT None Algorithm (Form body param) /docs/alerts/200003-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200003-5/ <p>This attack occurs when an attacker alters the token and changes the hashing algorithm to indicate, through the none keyword, that the integrity of the token has already been verified</p> <p>Generated by OWASP PTK DAST Module</p> JWT None Algorithm (JSON body) /docs/alerts/200003-7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200003-7/ <p>This attack occurs when an attacker alters the token and changes the hashing algorithm to indicate, through the none keyword, that the integrity of the token has already been verified</p> <p>Generated by OWASP PTK DAST Module</p> JWT None Algorithm attacks /docs/alerts/200003/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200003/ JWT None Exploit /docs/alerts/100026/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100026/ <p>The application’s JWT implementation allows for the usage of the ’none’ algorithm, which bypasses the JWT hash verification.</p> JWT Probe (Authorization + JWT cookies removed) /docs/alerts/200003-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200003-1/ <p>This attack occurs when an attacker alters the token and changes the hashing algorithm to indicate, through the none keyword, that the integrity of the token has already been verified</p> <p>Generated by OWASP PTK DAST Module</p> JWT Probe (Authorization header removed) /docs/alerts/200003-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200003-2/ <p>This attack occurs when an attacker alters the token and changes the hashing algorithm to indicate, through the none keyword, that the integrity of the token has already been verified</p> <p>Generated by OWASP PTK DAST Module</p> JWT Probe (JWT cookies removed) /docs/alerts/200003-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200003-3/ <p>This attack occurs when an attacker alters the token and changes the hashing algorithm to indicate, through the none keyword, that the integrity of the token has already been verified</p> <p>Generated by OWASP PTK DAST Module</p> JWT Scan Rule /docs/alerts/40036/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40036/ <p>Scanner for finding vulnerabilities in JWT implementations.</p> JWT-like value in URL /docs/alerts/200014-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200014-2/ <p>Detects access tokens, JWTs, and API keys present in URLs or query strings observed in traffic.</p> <p>Generated by OWASP PTK DAST Module</p> LDAP Injection /docs/alerts/40015-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40015-2/ <p>LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory.</p> LDAP Injection /docs/alerts/40015/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40015/ LDAP Injection - activedirectory /docs/alerts/40015-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40015-1/ <p>LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory.</p> Lit unsafeHTML taint flow /docs/alerts/220005-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220005-6/ <p>Detects dynamic client-side template compilation/rendering where attacker-controlled templates or outputs are injected into the DOM.</p> <p>Generated by OWASP PTK SAST Module</p> localhost/127.0.0.1 referenced in response /docs/alerts/200016-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200016-2/ <p>Detects internal hostnames/IPs and environment hints (staging/dev/local) disclosed in observed responses.</p> <p>Generated by OWASP PTK DAST Module</p> location.assign redirect from tainted source /docs/alerts/210019-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210019-2/ <p>Tainted value passed to location.assign.</p> <p>Generated by OWASP PTK IAST Module</p> location.href redirect from tainted source /docs/alerts/210019-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210019-1/ <p>Tainted value navigated location.href.</p> <p>Generated by OWASP PTK IAST Module</p> location.replace redirect from tainted source /docs/alerts/210019-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210019-3/ <p>Tainted value passed to location.replace.</p> <p>Generated by OWASP PTK IAST Module</p> Log4Shell /docs/alerts/40043/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40043/ Log4Shell (CVE-2021-44228) /docs/alerts/40043-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40043-1/ <p>Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default.</p> Log4Shell (CVE-2021-45046) /docs/alerts/40043-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40043-2/ <p>It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments.</p> Loosely Scoped Cookie /docs/alerts/90033/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90033/ <p>Cookies can be scoped by domain or path. This check is only concerned with domain scope.The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. <a href="http://www.nottrusted.com">www.nottrusted.com</a>, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.</p> Mapbox token exposed /docs/alerts/200011-8/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200011-8/ <p>Flags secret-like tokens and exposed configuration values in observed HTML/JS/JSON responses. These are recon leads; validate sensitivity before reporting.</p> <p>Generated by OWASP PTK DAST Module</p> Message handler without origin validation /docs/alerts/220008-7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220008-7/ <p>Detects unsafe postMessage usage and message event handling issues (missing origin validation, wildcard targetOrigin, tainted data flowing into DOM/code sinks).</p> <p>Generated by OWASP PTK SAST Module</p> Missing Anti-clickjacking Header /docs/alerts/10020-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10020-1/ <p>The response does not protect against ‘ClickJacking’ attacks. It should include either Content-Security-Policy with ‘frame-ancestors’ directive or X-Frame-Options.</p> Missing Content-Security-Policy header /docs/alerts/200005-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200005-1/ <p>The OWASP Secure Headers Project describes HTTP response headers that your application can use to increase the security of your application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities.</p> <p>Generated by OWASP PTK DAST Module</p> Missing or invalid X-Content-Type-Options /docs/alerts/200005-10/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200005-10/ <p>The OWASP Secure Headers Project describes HTTP response headers that your application can use to increase the security of your application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities.</p> <p>Generated by OWASP PTK DAST Module</p> Missing or weak Referrer-Policy /docs/alerts/200005-16/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200005-16/ <p>The OWASP Secure Headers Project describes HTTP response headers that your application can use to increase the security of your application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities.</p> <p>Generated by OWASP PTK DAST Module</p> Missing Security Headers /docs/alerts/100016/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100016/ <p>Some of the following security headers are missing from the HTTP response: Strict-Transport-Security, Content-Security-Policy, X-XSS-Protection, X-Content-Type-Options, X-Frame-Options.</p> Missing Strict-Transport-Security header (on HTTPS) /docs/alerts/200005-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200005-5/ <p>The OWASP Secure Headers Project describes HTTP response headers that your application can use to increase the security of your application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities.</p> <p>Generated by OWASP PTK DAST Module</p> Modern Web Application /docs/alerts/10109/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10109/ <p>The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.</p> Multiple HREFs Redirect Detected (Potential Sensitive Information Leak) /docs/alerts/10044-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10044-2/ <p>The server has responded with a redirect that seems to contain multiple links. This may indicate that although the server sent a redirect it also responded with body content links (which may include sensitive details, PII, lead to admin panels, etc.).</p> Multiple X-Frame-Options Header Entries /docs/alerts/10020-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10020-2/ <p>X-Frame-Options (XFO) headers were found, a response with multiple XFO header entries may not be predictably treated by all user-agents.</p> navigation.navigate redirect from tainted source /docs/alerts/210019-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210019-5/ <p>Tainted value passed to navigation.navigate.</p> <p>Generated by OWASP PTK IAST Module</p> Network Destination Poisoning /docs/alerts/220006/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220006/ Next.js build metadata exposed /docs/alerts/200009-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200009-4/ <p>Detects source map references and common debug artifacts in observed HTML/JS responses. These are high-value recon leads for code disclosure and hidden endpoints.</p> <p>Generated by OWASP PTK DAST Module</p> Node.js / Express stack trace /docs/alerts/200010-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200010-1/ <p>Detects common framework stack traces, error pages, and path disclosures in observed responses.</p> <p>Generated by OWASP PTK DAST Module</p> Non Static Site Detected /docs/alerts/100017/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100017/ <p>A query string or form has been detected in the HTTP response body. This indicates that this may not be a static site.</p> Non-Storable Content /docs/alerts/10049-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10049-1/ <p>The response contents are not storable by caching components such as proxy servers. If the response does not contain sensitive, personal or user-specific information, it may benefit from being stored and cached, to improve performance.</p> NoSQL Injection - MongoDB /docs/alerts/40033/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40033/ <p>MongoDB query injection may be possible.</p> NoSQL Injection - MongoDB (Time Based) /docs/alerts/90039/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90039/ <p>MongoDB query injection may be possible.</p> Obsolete Content Security Policy (CSP) Header Found /docs/alerts/10038-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10038-2/ <p>The “X-Content-Security-Policy” and “X-WebKit-CSP” headers are no longer recommended.</p> Off-site Redirect /docs/alerts/10028/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10028/ <p>Open redirects are one of the OWASP 2010 Top Ten vulnerabilities. This check looks at user-supplied input in query string parameters and POST data to identify where open redirects might be possible. Open redirects occur when an application allows user-supplied input (e.g. <a href="https://nottrusted.com">https://nottrusted.com</a>) to control an off-site destination. This is generally a pretty accurate way to find where 301 or 302 redirects could be exploited by spammers or phishing attacks.</p> OIDC well-known configuration observed /docs/alerts/200013-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200013-2/ <p>Flags security-relevant well-known resources and metadata files when they appear in observed traffic.</p> <p>Generated by OWASP PTK DAST Module</p> Old Asp.Net Version in Use /docs/alerts/10032-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10032-3/ <p>This website uses ASP.NET version 1.0 or 1.1.</p> Open Redirect (generic) /docs/alerts/200023/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200023/ Open redirect candidate parameter /docs/alerts/200015-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200015-1/ <p>Flags request parameters and JSON keys commonly associated with high-impact findings (open redirect, SSRF, IDOR, file/path traversal).</p> <p>Generated by OWASP PTK DAST Module</p> Open redirect from client-side taint sources /docs/alerts/210019/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210019/ Open redirect reflected in body destination /docs/alerts/200023-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200023-3/ <p>Tests for open redirect by forcing redirect-like parameters to an external, benign domain.</p> <p>Generated by OWASP PTK DAST Module</p> Open redirect reflected in form action /docs/alerts/200023-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200023-2/ <p>Tests for open redirect by forcing redirect-like parameters to an external, benign domain.</p> <p>Generated by OWASP PTK DAST Module</p> Open redirect via common param names /docs/alerts/200023-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200023-1/ <p>Tests for open redirect by forcing redirect-like parameters to an external, benign domain.</p> <p>Generated by OWASP PTK DAST Module</p> Open redirect via Navigation API /docs/alerts/210002-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210002-2/ <p>Tainted destination URL used in navigation.navigate.</p> <p>Generated by OWASP PTK IAST Module</p> Open redirect via window.open /docs/alerts/210002-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210002-1/ <p>Tainted URL used in window.open (possible open redirect).</p> <p>Generated by OWASP PTK IAST Module</p> Open Redirection /docs/alerts/220002/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220002/ OpenAPI spec detected /docs/alerts/200012-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200012-2/ <p>Detects exposure of API documentation, specs, and interactive consoles observed in traffic.</p> <p>Generated by OWASP PTK DAST Module</p> Origin check uses host fragment only /docs/alerts/220008-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220008-5/ <p>Detects unsafe postMessage usage and message event handling issues (missing origin validation, wildcard targetOrigin, tainted data flowing into DOM/code sinks).</p> <p>Generated by OWASP PTK SAST Module</p> OS Command Injection - Unix cat /etc/passwd (pipe) /docs/alerts/200001/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200001/ <p>OS command injection (also known as shell injection) is a web security vulnerability that allows an attacker to execute arbitrary operating system (OS) commands on the server that is running an application, and typically fully compromise the application and all its data.</p> <p>Generated by OWASP PTK DAST Module</p> Out of Band XSS /docs/alerts/40031/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40031/ <p>Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user’s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user’s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.</p> OWASP Secure Headers /docs/alerts/200005/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200005/ Parameter Tampering /docs/alerts/40008/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40008/ <p>Parameter manipulation caused an error page or Java stack trace to be displayed. This indicated lack of exception handling and potential areas for further exploit.</p> Passive Recon: .well-known & Metadata Files /docs/alerts/200013/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200013/ Passive Recon: API Docs & Specs Exposure /docs/alerts/200012/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200012/ Passive Recon: Client Config & Secret-Like Values /docs/alerts/200011/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200011/ Passive Recon: CORS Posture Indicators /docs/alerts/200017/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200017/ Passive Recon: Error & Stack Trace Disclosure /docs/alerts/200010/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200010/ Passive Recon: High-Risk Parameter Names /docs/alerts/200015/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200015/ Passive Recon: Interesting Endpoint Patterns /docs/alerts/200019/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200019/ Passive Recon: Internal Hosts & Environment Hints /docs/alerts/200016/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200016/ Passive Recon: Source Maps & Debug Artifacts /docs/alerts/200009/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200009/ Passive Recon: Tokens & Secrets in URLs /docs/alerts/200014/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200014/ Path Traversal /docs/alerts/6-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/6-1/ <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> Path Traversal /docs/alerts/6-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/6-2/ <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> Path Traversal /docs/alerts/6-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/6-3/ <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> Path Traversal /docs/alerts/6-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/6-4/ <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> Path Traversal /docs/alerts/6-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/6-5/ <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> Path Traversal /docs/alerts/6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/6/ Permissions Policy Header Not Set /docs/alerts/10063-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10063-1/ <p>Permissions Policy Header is an added layer of security that helps to restrict from unauthorized access or usage of browser/client features by web resources. This policy ensures the user privacy by limiting or specifying the features of the browsers can be used by the web resources. Permissions Policy provides a set of standard HTTP headers that allow website owners to limit which features of browsers can be used by the page such as camera, microphone, location, full screen etc.</p> Permissions Policy Header Not Set /docs/alerts/10063/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10063/ Personally Identifiable Information via WebSocket /docs/alerts/110005/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/110005/ <p>The response contains Personally Identifiable Information, such as CC number. Credit Card type detected: undefined.</p> PHP fatal error / warning /docs/alerts/200010-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200010-5/ <p>Detects common framework stack traces, error pages, and path disclosures in observed responses.</p> <p>Generated by OWASP PTK DAST Module</p> phpinfo endpoint observed /docs/alerts/200019-9/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200019-9/ <p>Flags high-value endpoint patterns observed in traffic (admin panels, debug endpoints, consoles, and backup/config file paths).</p> <p>Generated by OWASP PTK DAST Module</p> PII Disclosure /docs/alerts/10062/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10062/ <p>The response contains Personally Identifiable Information, such as CC number, SSN and similar sensitive data.</p> Possible Username Enumeration /docs/alerts/40023/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40023/ <p>It may be possible to enumerate usernames, based on differing HTTP responses when valid and invalid usernames are provided. This would greatly increase the probability of success of password brute-forcing attacks against the system. Note that false positives may sometimes be minimised by increasing the ‘Attack Strength’ Option in ZAP. Please manually check the ‘Other Info’ field to confirm if this is actually an issue.</p> postMessage to cross-origin target with tainted payload /docs/alerts/210010-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210010-2/ <p>Tainted data sent via window.postMessage to a different origin.</p> <p>Generated by OWASP PTK IAST Module</p> postMessage to wildcard origin with tainted payload /docs/alerts/210010-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210010-1/ <p>Tainted data sent via window.postMessage to wildcard ‘*’ targetOrigin.</p> <p>Generated by OWASP PTK IAST Module</p> Potential .git exposure path observed /docs/alerts/200019-8/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200019-8/ <p>Flags high-value endpoint patterns observed in traffic (admin panels, debug endpoints, consoles, and backup/config file paths).</p> <p>Generated by OWASP PTK DAST Module</p> Potential backup file observed /docs/alerts/200019-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200019-6/ <p>Flags high-value endpoint patterns observed in traffic (admin panels, debug endpoints, consoles, and backup/config file paths).</p> <p>Generated by OWASP PTK DAST Module</p> Potential IP Addresses Found in the Viewstate /docs/alerts/10032-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10032-1/ <p>Potential IP addresses were found being serialized in the viewstate field.</p> Potentially authenticated content lacks no-store /docs/alerts/200005-21/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200005-21/ <p>The OWASP Secure Headers Project describes HTTP response headers that your application can use to increase the security of your application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities.</p> <p>Generated by OWASP PTK DAST Module</p> Private IP Disclosure /docs/alerts/2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/2/ <p>A private IP (such as 10.x.x.x, 172.x.x.x, 192.168.x.x) or an Amazon EC2 private hostname (for example, ip-10-0-56-78) has been found in the HTTP response body. This information might be helpful for further attacks targeting internal systems.</p> Private IP Disclosure via WebSocket /docs/alerts/110006/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/110006/ <p>A private IP (such as 10.x.x.x, 172.x.x.x, 192.168.x.x) or an Amazon EC2 private hostname (for example, ip-10-0-56-78) has been found in the incoming WebSocket message. This information might be helpful for further attacks targeting internal systems.</p> Private key material exposed /docs/alerts/200011-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200011-1/ <p>Flags secret-like tokens and exposed configuration values in observed HTML/JS/JSON responses. These are recon leads; validate sensitivity before reporting.</p> <p>Generated by OWASP PTK DAST Module</p> Properties File Disclosure - /WEB-INF folder /docs/alerts/10045-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10045-2/ <p>A Java class in the /WEB-INF folder disclosed the presence of the properties file. Properties file are not intended to be publicly accessible, and typically contain configuration information, application credentials, or cryptographic keys.</p> Prototype pollution impact confirmation /docs/alerts/210008/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210008/ Prototype pollution influenced fetch() init /docs/alerts/210008-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210008-1/ <p>A prior tainted prototype write influenced inherited fetch() init fields.</p> <p>Generated by OWASP PTK IAST Module</p> Proxy Disclosure /docs/alerts/40025-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40025-1/ <p>1 proxy server(s) were detected or fingerprinted. This information helps a potential attacker to determine</p> <ul> <li>A list of targets for an attack against the application.</li> <li>Potential vulnerabilities on the proxy servers that service the application.</li> <li>The presence or absence of any proxy-based components that might cause attacks against the application to be detected, prevented, or mitigated.</li> </ul> Proxy Disclosure /docs/alerts/40025-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40025-2/ <p>1 proxy server(s) were detected or fingerprinted. This information helps a potential attacker to determine</p> <ul> <li>A list of targets for an attack against the application.</li> <li>Potential vulnerabilities on the proxy servers that service the application.</li> <li>The presence or absence of any proxy-based components that might cause attacks against the application to be detected, prevented, or mitigated.</li> </ul> Proxy Disclosure /docs/alerts/40025/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40025/ Public-Key-Pins is deprecated /docs/alerts/200005-22/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200005-22/ <p>The OWASP Secure Headers Project describes HTTP response headers that your application can use to increase the security of your application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities.</p> <p>Generated by OWASP PTK DAST Module</p> Python traceback /docs/alerts/200010-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200010-4/ <p>Detects common framework stack traces, error pages, and path disclosures in observed responses.</p> <p>Generated by OWASP PTK DAST Module</p> Re-examine Cache-control Directives /docs/alerts/10015/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10015/ <p>The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.</p> React dangerouslySetInnerHTML taint flow /docs/alerts/220005-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220005-5/ <p>Detects dynamic client-side template compilation/rendering where attacker-controlled templates or outputs are injected into the DOM.</p> <p>Generated by OWASP PTK SAST Module</p> Referer Exposes Session ID /docs/alerts/3-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/3-3/ <p>A hyperlink pointing to another host name was found. As session ID URL rewrite is used, it may be disclosed in referer header to external hosts.</p> Reflected Cross-Site Scripting (XSS) /docs/alerts/200002/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200002/ Reflected HTTP GET Parameter(s) /docs/alerts/100014/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100014/ <p>A reflected parameter value has been found in the HTTP response. Reflected parameter values may introduce XSS vulnerability or HTTP header injection.</p> Relative Path Confusion /docs/alerts/10051/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10051/ <p>The web server is configured to serve responses to ambiguous URLs in a manner that is likely to lead to confusion about the correct “relative path” for the URL. Resources (CSS, images, etc.) are also specified in the page response using relative, rather than absolute URLs. In an attack, if the web browser parses the “cross-content” response in a permissive manner, or can be tricked into permissively parsing the “cross-content” response, using techniques such as framing, then the web browser may be fooled into interpreting HTML as CSS (or other content types), leading to an XSS vulnerability.</p> Relative Path Overwrite /docs/alerts/100018/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100018/ <p>Potential RPO (Relative Path Overwrite) found. RPO allows attackers to manipulate URLs to include unintended paths, potentially leading to the execution of malicious scripts or the disclosure of sensitive information.</p> Remote Code Execution - CVE-2012-1823 /docs/alerts/20018/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20018/ <p>Some PHP versions, when configured to run using CGI, do not correctly handle query strings that lack an unescaped “=” character, enabling arbitrary code execution. In this case, an operating system command was caused to be executed on the web server, and the results were returned to the web browser.</p> Remote Code Execution - Shell Shock /docs/alerts/10048-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10048-1/ <p>The server is running a version of the Bash shell that allows remote attackers to execute arbitrary code.</p> Remote Code Execution - Shell Shock /docs/alerts/10048-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10048-2/ <p>The server is running a version of the Bash shell that allows remote attackers to execute arbitrary code.</p> Remote Code Execution - Shell Shock /docs/alerts/10048/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10048/ Remote Code Execution (React2Shell) /docs/alerts/40048/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40048/ <p>The server is running Next.js and vulnerable versions of React Server Components with Next.js which allow remote attackers to execute arbitrary code.</p> Remote File Inclusion /docs/alerts/7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/7/ <p>Remote File Include (RFI) is an attack technique used to exploit “dynamic file include” mechanisms in web applications. When web applications take user input (URL, parameter value, etc.) and pass them into file include commands, the web application might be tricked into including remote files with malicious code.</p> Remote OS Command Injection /docs/alerts/90020/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90020/ <p>Attack technique used for unauthorized execution of operating system commands. This attack is possible when an application accepts untrusted input to build operating system commands in an insecure manner involving improper data sanitization, and/or improper calling of external programs.</p> Remote OS Command Injection (Time Based) /docs/alerts/90037/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90037/ <p>Attack technique used for unauthorized execution of operating system commands. This attack is possible when an application accepts untrusted input to build operating system commands in an insecure manner involving improper data sanitization, and/or improper calling of external programs.</p> Response field parsed via createContextualFragment /docs/alerts/210007-7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210007-7/ <p>Response-derived HTML parsed via Range.createContextualFragment.</p> <p>Generated by OWASP PTK IAST Module</p> Response field parsed via DOMParser /docs/alerts/210007-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210007-6/ <p>Response-derived HTML parsed via DOMParser.parseFromString.</p> <p>Generated by OWASP PTK IAST Module</p> Response field rendered via document.write /docs/alerts/210007-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210007-2/ <p>Response-derived data reached document.write.</p> <p>Generated by OWASP PTK IAST Module</p> Response field rendered via DOM mutation /docs/alerts/210007-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210007-5/ <p>Response-derived data reached DOM mutation sinks.</p> <p>Generated by OWASP PTK IAST Module</p> Response field rendered via innerHTML /docs/alerts/210007-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210007-1/ <p>Response-derived data reached innerHTML.</p> <p>Generated by OWASP PTK IAST Module</p> Response field rendered via insertAdjacentHTML /docs/alerts/210007-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210007-4/ <p>Response-derived HTML reached insertAdjacentHTML.</p> <p>Generated by OWASP PTK IAST Module</p> Response field rendered via outerHTML /docs/alerts/210007-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210007-3/ <p>Response-derived data reached outerHTML.</p> <p>Generated by OWASP PTK IAST Module</p> Response field rendered via setHTMLUnsafe /docs/alerts/210007-8/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210007-8/ <p>Response-derived HTML reached Element.setHTMLUnsafe.</p> <p>Generated by OWASP PTK IAST Module</p> Response field rendered via ShadowRoot.setHTMLUnsafe /docs/alerts/210007-9/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210007-9/ <p>Response-derived HTML reached ShadowRoot.setHTMLUnsafe.</p> <p>Generated by OWASP PTK IAST Module</p> Response-derived DOM execution reachability /docs/alerts/210007/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210007/ Retrieved from Cache /docs/alerts/10050-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10050-1/ <p>The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as “proxy” caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.</p> Retrieved from Cache /docs/alerts/10050-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10050-2/ <p>The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as “proxy” caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.</p> Retrieved from Cache /docs/alerts/10050/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10050/ Reverse Tabnabbing /docs/alerts/10108/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10108/ <p>At least one link on this page is vulnerable to Reverse tabnabbing as it uses a target attribute without using both of the “noopener” and “noreferrer” keywords in the “rel” attribute, which allows the target page to take control of this page.</p> Review assignments to href/src/action /docs/alerts/220009-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220009-1/ <p>Detects DOM code that rewrites link destinations (href attributes) with attacker-controlled data. Manipulated links can mislead users into visiting malicious targets even if navigation is not forced automatically.</p> <p>Generated by OWASP PTK SAST Module</p> Review direct Axios destination usage /docs/alerts/220006-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220006-4/ <p>Detects client-side request destinations for beacon, EventSource, and Axios that can be influenced by attacker-controlled input.</p> <p>Generated by OWASP PTK SAST Module</p> Review DOMParser.parseFromString with dynamic HTML/XML /docs/alerts/220000-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220000-4/ <p>Detects cases where untrusted data from the DOM (URL, element values, storage, messages, etc.) flows into HTML/JS execution sinks (e.g., innerHTML, outerHTML, document.write, string-based setTimeout, insertAdjacentHTML) without proper sanitization or encoding \u2014 enabling DOM-based cross-site scripting.</p> <p>Generated by OWASP PTK SAST Module</p> Review dynamic import usage /docs/alerts/220007-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220007-3/ <p>Detects dynamic script, worker, and service-worker loader endpoints that can be influenced by attacker-controlled client-side data.</p> <p>Generated by OWASP PTK SAST Module</p> Review EventSource constructor usage /docs/alerts/220006-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220006-3/ <p>Detects client-side request destinations for beacon, EventSource, and Axios that can be influenced by attacker-controlled input.</p> <p>Generated by OWASP PTK SAST Module</p> Review importScripts usage /docs/alerts/220007-7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220007-7/ <p>Detects dynamic script, worker, and service-worker loader endpoints that can be influenced by attacker-controlled client-side data.</p> <p>Generated by OWASP PTK SAST Module</p> Review jQuery getScript usage /docs/alerts/220007-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220007-1/ <p>Detects dynamic script, worker, and service-worker loader endpoints that can be influenced by attacker-controlled client-side data.</p> <p>Generated by OWASP PTK SAST Module</p> Review message event listeners /docs/alerts/220008-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220008-6/ <p>Detects unsafe postMessage usage and message event handling issues (missing origin validation, wildcard targetOrigin, tainted data flowing into DOM/code sinks).</p> <p>Generated by OWASP PTK SAST Module</p> Review sendBeacon body content /docs/alerts/220006-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220006-2/ <p>Detects client-side request destinations for beacon, EventSource, and Axios that can be influenced by attacker-controlled input.</p> <p>Generated by OWASP PTK SAST Module</p> Review sendBeacon destination /docs/alerts/220006-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220006-1/ <p>Detects client-side request destinations for beacon, EventSource, and Axios that can be influenced by attacker-controlled input.</p> <p>Generated by OWASP PTK SAST Module</p> Review serviceWorker.register usage /docs/alerts/220007-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220007-6/ <p>Detects dynamic script, worker, and service-worker loader endpoints that can be influenced by attacker-controlled client-side data.</p> <p>Generated by OWASP PTK SAST Module</p> Review SharedWorker constructor usage /docs/alerts/220007-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220007-5/ <p>Detects dynamic script, worker, and service-worker loader endpoints that can be influenced by attacker-controlled client-side data.</p> <p>Generated by OWASP PTK SAST Module</p> Review System.import usage /docs/alerts/220007-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220007-2/ <p>Detects dynamic script, worker, and service-worker loader endpoints that can be influenced by attacker-controlled client-side data.</p> <p>Generated by OWASP PTK SAST Module</p> Review uses of appendChild /docs/alerts/220000-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220000-2/ <p>Detects cases where untrusted data from the DOM (URL, element values, storage, messages, etc.) flows into HTML/JS execution sinks (e.g., innerHTML, outerHTML, document.write, string-based setTimeout, insertAdjacentHTML) without proper sanitization or encoding \u2014 enabling DOM-based cross-site scripting.</p> <p>Generated by OWASP PTK SAST Module</p> Review Vue v-html template usage /docs/alerts/220005-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220005-3/ <p>Detects dynamic client-side template compilation/rendering where attacker-controlled templates or outputs are injected into the DOM.</p> <p>Generated by OWASP PTK SAST Module</p> Review Worker constructor usage /docs/alerts/220007-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220007-4/ <p>Detects dynamic script, worker, and service-worker loader endpoints that can be influenced by attacker-controlled client-side data.</p> <p>Generated by OWASP PTK SAST Module</p> Route-controlled client navigation /docs/alerts/210004/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210004/ Route-controlled history.pushState /docs/alerts/210004-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210004-3/ <p>Client route state influenced history.pushState.</p> <p>Generated by OWASP PTK IAST Module</p> Route-controlled history.replaceState /docs/alerts/210004-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210004-1/ <p>Client route state influenced history.replaceState.</p> <p>Generated by OWASP PTK IAST Module</p> Route-controlled Navigation API transition /docs/alerts/210004-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210004-2/ <p>Client route state influenced navigation.navigate.</p> <p>Generated by OWASP PTK IAST Module</p> Same-origin URL mutations /docs/alerts/220002-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220002-2/ <p>Detects client-side code that can redirect users to attacker-controlled URLs (open redirects). Includes assignment/calls that control window/location/navigation, attr-based redirects, form actions and jQuery variants.</p> <p>Generated by OWASP PTK SAST Module</p> SameSite Cookie Attribute Protection Used /docs/alerts/100005/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100005/ Script Served From Malicious Domain (polyfill) /docs/alerts/10115-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10115-1/ <p>The page includes one or more script files loaded from one of the ‘polyfill’ domains. These are not associated with the polyfill.js library and are known to serve malicious content.</p> Script Served From Malicious Domain (polyfill) /docs/alerts/10115-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10115-2/ <p>The page includes one or more script which appear to include a reference to one of the ‘polyfill’ domains. These are not associated with the polyfill.js library and are known to serve malicious content. You should check to see if it is a safe reference (for example in a comment) or whether the script is loading content from that domain.</p> Script Served From Malicious Domain (polyfill) /docs/alerts/10115/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10115/ Sec-Fetch-Dest Header Has an Invalid Value /docs/alerts/90005-7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90005-7/ <p>Specifies how and where the data would be used. For instance, if the value is audio, then the requested resource must be audio data and not any other type of resource.</p> Sec-Fetch-Dest Header is Missing /docs/alerts/90005-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90005-3/ <p>Specifies how and where the data would be used. For instance, if the value is audio, then the requested resource must be audio data and not any other type of resource.</p> Sec-Fetch-Mode Header Has an Invalid Value /docs/alerts/90005-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90005-6/ <p>Allows to differentiate between requests for navigating between HTML pages and requests for loading resources like images, audio etc.</p> Sec-Fetch-Mode Header is Missing /docs/alerts/90005-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90005-2/ <p>Allows to differentiate between requests for navigating between HTML pages and requests for loading resources like images, audio etc.</p> Sec-Fetch-Site Header Has an Invalid Value /docs/alerts/90005-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90005-5/ <p>Specifies the relationship between request initiator’s origin and target’s origin.</p> Sec-Fetch-Site Header is Missing /docs/alerts/90005-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90005-1/ <p>Specifies the relationship between request initiator’s origin and target’s origin.</p> Sec-Fetch-User Header Has an Invalid Value /docs/alerts/90005-8/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90005-8/ <p>Specifies if a navigation request was initiated by a user.</p> Sec-Fetch-User Header is Missing /docs/alerts/90005-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90005-4/ <p>Specifies if a navigation request was initiated by a user.</p> Secure Pages Include Mixed Content /docs/alerts/10040/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10040/ <p>The page includes mixed content, that is content accessed via HTTP instead of HTTPS.</p> security.txt observed /docs/alerts/200013-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200013-1/ <p>Flags security-relevant well-known resources and metadata files when they appear in observed traffic.</p> <p>Generated by OWASP PTK DAST Module</p> Sensitive cookies missing security flags /docs/alerts/200005-20/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200005-20/ <p>The OWASP Secure Headers Project describes HTTP response headers that your application can use to increase the security of your application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities.</p> <p>Generated by OWASP PTK DAST Module</p> Sensitive data exposure /docs/alerts/200006/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200006/ Sentry DSN exposed /docs/alerts/200011-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200011-5/ <p>Flags secret-like tokens and exposed configuration values in observed HTML/JS/JSON responses. These are recon leads; validate sensitivity before reporting.</p> <p>Generated by OWASP PTK DAST Module</p> Server banner discloses software/version /docs/alerts/200005-9/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200005-9/ <p>The OWASP Secure Headers Project describes HTTP response headers that your application can use to increase the security of your application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities.</p> <p>Generated by OWASP PTK DAST Module</p> Server is running on Clacks - GNU Terry Pratchett /docs/alerts/100002/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100002/ <p>The web/application server is running over the Clacks network, some say it’s turtles/IP, some say it’s turtles all the way down the layer stack.</p> Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) /docs/alerts/10037/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10037/ <p>The web/application server is leaking information via one or more “X-Powered-By” HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.</p> Server Leaks its Webserver Application via "Server" HTTP Response Header Field /docs/alerts/10036-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10036-1/ <p>The web/application server is leaking the application it uses as a webserver via the “Server” HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to. This information alone, i.e. without a version string, is not very dangerous for the security of a server, nevertheless this information in the response header field is almost always useless and thus just an obsolete attacking vector.</p> Server Leaks Version Information via "Server" HTTP Response Header Field /docs/alerts/10036-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10036-2/ <p>The web/application server is leaking version information via the “Server” HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.</p> Server Side Code Injection /docs/alerts/90019/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90019/ Server Side Code Injection - ASP Code Injection /docs/alerts/90019-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90019-2/ <p>A code injection may be possible including custom code that will be evaluated by the scripting engine.</p> Server Side Code Injection - PHP Code Injection /docs/alerts/90019-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90019-1/ <p>A code injection may be possible including custom code that will be evaluated by the scripting engine.</p> Server Side Include /docs/alerts/40009/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40009/ <p>Certain parameters may cause Server Side Include commands to be executed. This may allow database connection or arbitrary code to be executed.</p> Server Side Request Forgery /docs/alerts/40046/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40046/ <p>The web server receives a remote address and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.</p> Server Side Template Injection /docs/alerts/90035/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90035/ <p>When the user input is inserted in the template instead of being used as argument in rendering is evaluated by the template engine. Depending on the template engine it can lead to remote code execution.</p> Server Side Template Injection (Blind) /docs/alerts/90036/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90036/ <p>When the user input is inserted in the template instead of being used as argument in rendering is evaluated by the template engine. Depending on the template engine it can lead to remote code execution.</p> Session Fixation /docs/alerts/40013-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40013-4/ <p>Session Fixation may be possible. If this issue occurs with a login URL (where the user authenticates themselves to the application), then the URL may be given by an attacker, along with a fixed session id, to a victim, in order to later assume the identity of the victim using the given session id. If the issue occurs with a non-login page, the URL and fixed session id may only be used by an attacker to track an unauthenticated user’s actions. If the vulnerability occurs on a cookie field or a form field (POST parameter) rather than on a URL (GET) parameter, then some other vulnerability may also be required in order to set the cookie field on the victim’s browser, to allow the vulnerability to be exploited.</p> Session Fixation /docs/alerts/40013-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40013-6/ <p>Session Fixation may be possible. If this issue occurs with a login URL (where the user authenticates themselves to the application), then the URL may be given by an attacker, along with a fixed session id, to a victim, in order to later assume the identity of the victim using the given session id. If the issue occurs with a non-login page, the URL and fixed session id may only be used by an attacker to track an unauthenticated user’s actions. If the vulnerability occurs on a cookie field or a form field (POST parameter) rather than on a URL (GET) parameter, then some other vulnerability may also be required in order to set the cookie field on the victim’s browser, to allow the vulnerability to be exploited.</p> Session Fixation /docs/alerts/40013/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40013/ Session ID Cookie Accessible to JavaScript /docs/alerts/40013-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40013-2/ <p>A Session Id cookie sent by the server (when the URL is modified by setting the named parameter field to NULL) may be accessed by JavaScript on the client. In conjunction with another vulnerability, this may allow the session to be hijacked.</p> Session ID Expiry Time/Max-Age is Excessive /docs/alerts/40013-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40013-3/ <p>A Session Id cookie sent by the server (when the URL is modified by setting the named parameter field to NULL) is set to be valid for an excessive period of time. This may be exploitable by an attacker if the user forgets to log out, if the logout functionality does not correctly destroy the session, or if the session id is compromised by some other means.</p> Session ID in URL Rewrite /docs/alerts/3-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/3-1/ <p>URL rewrite is used to track user session ID. The session ID may be disclosed via cross-site referer header. In addition, the session ID might be stored in browser history or server logs.</p> Session ID in URL Rewrite /docs/alerts/3-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/3-2/ <p>URL rewrite is used to track user session ID. The session ID may be disclosed via cross-site referer header. In addition, the session ID might be stored in browser history or server logs.</p> Session ID in URL Rewrite /docs/alerts/3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/3/ Session ID Transmitted Insecurely /docs/alerts/40013-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40013-1/ <p>A session id may be sent via an insecure mechanism. In the case of a cookie sent in the request, this occurs when HTTP, rather than HTTPS, is used. In the case of a cookie sent by the server in response (when the URL is modified by setting the named parameter field to NULL), the ‘secure’ flag is not set, allowing the cookie to be sent later via HTTP rather than via HTTPS. This may allow a passive eavesdropper on the network path to gain full access to the victim’s session.</p> Session Management Response Identified /docs/alerts/10112/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10112/ <p>The given response has been identified as containing a session management token. The ‘Other Info’ field contains a set of header tokens that can be used in the Header Based Session Management Method. If the request is in a context which has a Session Management Method set to “Auto-Detect” then this rule will change the session management to use the tokens identified.</p> setInterval(string) from storage/referrer taint /docs/alerts/210018-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210018-5/ <p>Storage/referrer taint reached setInterval(string).</p> <p>Generated by OWASP PTK IAST Module</p> setTimeout(string) from storage/referrer taint /docs/alerts/210018-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210018-4/ <p>Storage/referrer taint reached setTimeout(string).</p> <p>Generated by OWASP PTK IAST Module</p> Slack token pattern /docs/alerts/200011-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200011-3/ <p>Flags secret-like tokens and exposed configuration values in observed HTML/JS/JSON responses. These are recon leads; validate sensitivity before reporting.</p> <p>Generated by OWASP PTK DAST Module</p> SOAP Action Spoofing /docs/alerts/90026/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90026/ <p>An unintended SOAP operation was executed by the server.</p> SOAP XML Injection /docs/alerts/90029/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90029/ <p>Some XML injected code has been interpreted by the server.</p> Social Security Number /docs/alerts/200006-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200006-2/ <p>Sensitive data is anything that should not be accessible to admin access, known as sensitive data. Sensitive data may include personally identifiable information (PII), such as Social Security numbers, financial information, or login credentials. Sensitive Data Exposure occurs when an organization unknowingly exposes sensitive data or when a security incident leads to the accidental or unlawful destruction, loss, alteration, or admin disclosure of, or access to sensitive data.</p> Source Code Disclosure - /WEB-INF Folder /docs/alerts/10045-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10045-1/ <p>Java source code was disclosed by the web server in Java class files in the WEB-INF folder. The class files can be dis-assembled to produce source code which very closely matches the original source code.</p> Source Code Disclosure - /WEB-INF Folder /docs/alerts/10045/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10045/ Source Code Disclosure - CVE-2012-1823 /docs/alerts/20017/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20017/ <p>Some PHP versions, when configured to run using CGI, do not correctly handle query strings that lack an unescaped “=” character, enabling PHP source code disclosure, and arbitrary code execution. In this case, the contents of the PHP file were served directly to the web browser. This output will typically contain PHP, although it may also contain straight HTML.</p> Source Code Disclosure - File Inclusion /docs/alerts/43/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/43/ <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> Source Code Disclosure - Git /docs/alerts/41/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/41/ <p>The source code for the current page was disclosed by the web server.</p> Source Code Disclosure - PHP /docs/alerts/10099/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10099/ <p>Application Source Code was disclosed by the web server. - PHP</p> Source Code Disclosure - SVN /docs/alerts/42/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/42/ <p>The source code for the current page was disclosed by the web server.</p> SPA hash DOM XSS /docs/alerts/200007/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200007/ <p>Tests hash-based SPA parameters (http://host/#/route?param=…) for DOM XSS by mutating the hash in a dedicated attack tab and inspecting the DOM.</p> <p>Generated by OWASP PTK DAST Module</p> Specify postMessage targetOrigin /docs/alerts/220008-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220008-2/ <p>Detects unsafe postMessage usage and message event handling issues (missing origin validation, wildcard targetOrigin, tainted data flowing into DOM/code sinks).</p> <p>Generated by OWASP PTK SAST Module</p> Split Viewstate in Use /docs/alerts/10032-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10032-6/ <p>This website uses ASP.NET’s Viewstate and its value is split into several chunks.</p> Spring Actuator Information Leak /docs/alerts/40042/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40042/ <p>Spring Actuator for Health is enabled and may reveal sensitive information about this application. Spring Actuators can be used for real monitoring purposes, but should be used with caution as to not expose too much information about the application or the infrastructure running it.</p> Spring Boot actuator endpoint observed /docs/alerts/200019-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200019-3/ <p>Flags high-value endpoint patterns observed in traffic (admin panels, debug endpoints, consoles, and backup/config file paths).</p> <p>Generated by OWASP PTK DAST Module</p> Spring4Shell /docs/alerts/40045/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40045/ <p>The application appears to be vulnerable to CVE-2022-22965 (otherwise known as Spring4Shell) - remote code execution (RCE) via data binding.</p> SQL Injection /docs/alerts/200000/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200000/ SQL Injection /docs/alerts/40018/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40018/ <p>SQL injection may be possible.</p> SQL Injection - Double Quote (after) /docs/alerts/200000-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200000-4/ <p>A SQL injection attack consists of insertion or injection of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to affect the execution of predefined SQL commands.</p> SQL Injection - Double Quote (before) /docs/alerts/200000-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200000-2/ <p>A SQL injection attack consists of insertion or injection of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to affect the execution of predefined SQL commands.</p> SQL Injection - Hypersonic SQL (Time Based) /docs/alerts/40020/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40020/ <p>SQL injection may be possible.</p> SQL Injection - MsSQL (Time Based) /docs/alerts/40027/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40027/ <p>SQL injection may be possible.</p> SQL Injection - MySQL (Time Based) /docs/alerts/40019/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40019/ <p>SQL injection may be possible.</p> SQL Injection - Oracle (Time Based) /docs/alerts/40021/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40021/ <p>SQL injection may be possible.</p> SQL Injection - PostgreSQL (Time Based) /docs/alerts/40022/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40022/ <p>SQL injection may be possible.</p> SQL Injection - Single Quote (after) /docs/alerts/200000-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200000-3/ <p>A SQL injection attack consists of insertion or injection of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to affect the execution of predefined SQL commands.</p> SQL Injection - Single Quote (before) /docs/alerts/200000-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200000-1/ <p>A SQL injection attack consists of insertion or injection of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to affect the execution of predefined SQL commands.</p> SQL Injection - SQLite (Time Based) /docs/alerts/40024-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40024-1/ <p>SQL injection may be possible.</p> SQL Injection - SQLite (Time Based) /docs/alerts/40024-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40024-2/ <p>SQL injection may be possible.</p> SQL Injection - SQLite (Time Based) /docs/alerts/40024/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40024/ SSRF / webhook URL candidate parameter /docs/alerts/200015-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200015-2/ <p>Flags request parameters and JSON keys commonly associated with high-impact findings (open redirect, SSRF, IDOR, file/path traversal).</p> <p>Generated by OWASP PTK DAST Module</p> Storable and Cacheable Content /docs/alerts/10049-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10049-3/ <p>The response contents are storable by caching components such as proxy servers, and may be retrieved directly from the cache, rather than from the origin server by the caching servers, in response to similar requests from other users. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where “shared” caching servers such as “proxy” caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.</p> Storable but Non-Cacheable Content /docs/alerts/10049-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10049-2/ <p>The response contents are storable by caching components such as proxy servers, but will not be retrieved directly from the cache, without validating the request upstream, in response to similar requests from other users.</p> Storage/referrer taint to execution sinks /docs/alerts/210018/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210018/ Strict-Transport-Security Defined via META (Non-compliant with Spec) /docs/alerts/10035-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10035-6/ <p>A HTTP Strict Transport Security (HSTS) META tag was found, defining HTTP Strict Transport Security (HSTS) via a META tag is explicitly not supported by the spec (RFC 6797).</p> Strict-Transport-Security Disabled /docs/alerts/10035-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10035-2/ <p>A HTTP Strict Transport Security (HSTS) header was found, but it contains the directive max-age=0 which disables the control and instructs browsers to reset any previous HSTS related settings. See RFC 6797 for further details. HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).</p> Strict-Transport-Security Header /docs/alerts/10035/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10035/ Strict-Transport-Security Header Not Set /docs/alerts/10035-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10035-1/ <p>HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.</p> Strict-Transport-Security Header on Plain HTTP Response /docs/alerts/10035-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10035-4/ <p>A HTTP Strict Transport Security (HSTS) header was found, but HSTS headers are ignored on plain (non-HTTPS) responses. HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).</p> Strict-Transport-Security Malformed Content (Non-compliant with Spec) /docs/alerts/10035-8/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10035-8/ <p>A HTTP Strict Transport Security (HSTS) header was found, but it contains some content that was not expected (perhaps curly quotes), the expectation is that the content be printable ASCII characters.</p> Strict-Transport-Security Max-Age Malformed (Non-compliant with Spec) /docs/alerts/10035-7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10035-7/ <p>A HTTP Strict Transport Security (HSTS) header was found, but it contains quotes preceding the max-age directive (the max-age value can be quoted, but the directive itself cannot be). See RFC 6797 for further details. HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).</p> Strict-Transport-Security Missing Max-Age (Non-compliant with Spec) /docs/alerts/10035-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10035-5/ <p>A HTTP Strict Transport Security (HSTS) header was found, but it is missing the max-age directive (or the directive is missing a value). See RFC 6797 for further details. HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).</p> Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec) /docs/alerts/10035-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10035-3/ <p>HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied. HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).</p> Strict-Transport-Security sent over HTTP (ineffective) /docs/alerts/200005-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200005-6/ <p>The OWASP Secure Headers Project describes HTTP response headers that your application can use to increase the security of your application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities.</p> <p>Generated by OWASP PTK DAST Module</p> Stripe publishable key exposed /docs/alerts/200011-7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200011-7/ <p>Flags secret-like tokens and exposed configuration values in observed HTML/JS/JSON responses. These are recon leads; validate sensitivity before reporting.</p> <p>Generated by OWASP PTK DAST Module</p> Sub Resource Integrity Attribute Missing /docs/alerts/90003/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90003/ <p>The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.</p> Suspicious Input Transformation /docs/alerts/100044/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100044/ Suspicious Input Transformation - Arithmetic Evaluation /docs/alerts/100044-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100044-2/ <p>The application performed a suspicious input transformation that may indicate a security vulnerability. The input was transformed in an unexpected way, suggesting potential issues with input validation, encoding/decoding, or expression evaluation. This could indicate vulnerabilities such as server-side template injection, expression language injection, unicode normalization issues, or other input processing flaws that may be exploitable.</p> Suspicious Input Transformation - EL Evaluation /docs/alerts/100044-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100044-5/ <p>The application performed a suspicious input transformation that may indicate a security vulnerability. The input was transformed in an unexpected way, suggesting potential issues with input validation, encoding/decoding, or expression evaluation. This could indicate vulnerabilities such as server-side template injection, expression language injection, unicode normalization issues, or other input processing flaws that may be exploitable.</p> Suspicious Input Transformation - Expression Evaluation /docs/alerts/100044-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100044-3/ <p>The application performed a suspicious input transformation that may indicate a security vulnerability. The input was transformed in an unexpected way, suggesting potential issues with input validation, encoding/decoding, or expression evaluation. This could indicate vulnerabilities such as server-side template injection, expression language injection, unicode normalization issues, or other input processing flaws that may be exploitable.</p> Suspicious Input Transformation - Quote Consumption /docs/alerts/100044-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100044-1/ <p>The application performed a suspicious input transformation that may indicate a security vulnerability. The input was transformed in an unexpected way, suggesting potential issues with input validation, encoding/decoding, or expression evaluation. This could indicate vulnerabilities such as server-side template injection, expression language injection, unicode normalization issues, or other input processing flaws that may be exploitable.</p> Suspicious Input Transformation - Template Evaluation /docs/alerts/100044-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100044-4/ <p>The application performed a suspicious input transformation that may indicate a security vulnerability. The input was transformed in an unexpected way, suggesting potential issues with input validation, encoding/decoding, or expression evaluation. This could indicate vulnerabilities such as server-side template injection, expression language injection, unicode normalization issues, or other input processing flaws that may be exploitable.</p> Suspicious Input Transformation - Unicode Byte Truncation /docs/alerts/100044-8/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100044-8/ <p>The application performed a suspicious input transformation that may indicate a security vulnerability. The input was transformed in an unexpected way, suggesting potential issues with input validation, encoding/decoding, or expression evaluation. This could indicate vulnerabilities such as server-side template injection, expression language injection, unicode normalization issues, or other input processing flaws that may be exploitable.</p> Suspicious Input Transformation - Unicode Case Conversion /docs/alerts/100044-9/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100044-9/ <p>The application performed a suspicious input transformation that may indicate a security vulnerability. The input was transformed in an unexpected way, suggesting potential issues with input validation, encoding/decoding, or expression evaluation. This could indicate vulnerabilities such as server-side template injection, expression language injection, unicode normalization issues, or other input processing flaws that may be exploitable.</p> Suspicious Input Transformation - Unicode Combining Diacritic /docs/alerts/100044-10/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100044-10/ <p>The application performed a suspicious input transformation that may indicate a security vulnerability. The input was transformed in an unexpected way, suggesting potential issues with input validation, encoding/decoding, or expression evaluation. This could indicate vulnerabilities such as server-side template injection, expression language injection, unicode normalization issues, or other input processing flaws that may be exploitable.</p> Suspicious Input Transformation - Unicode Normalisation /docs/alerts/100044-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100044-6/ <p>The application performed a suspicious input transformation that may indicate a security vulnerability. The input was transformed in an unexpected way, suggesting potential issues with input validation, encoding/decoding, or expression evaluation. This could indicate vulnerabilities such as server-side template injection, expression language injection, unicode normalization issues, or other input processing flaws that may be exploitable.</p> Suspicious Input Transformation - URL Decoding Error /docs/alerts/100044-7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100044-7/ <p>The application performed a suspicious input transformation that may indicate a security vulnerability. The input was transformed in an unexpected way, suggesting potential issues with input validation, encoding/decoding, or expression evaluation. This could indicate vulnerabilities such as server-side template injection, expression language injection, unicode normalization issues, or other input processing flaws that may be exploitable.</p> Swagger UI detected /docs/alerts/200012-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200012-1/ <p>Detects exposure of API documentation, specs, and interactive consoles observed in traffic.</p> <p>Generated by OWASP PTK DAST Module</p> Swagger UI Secret & Vulnerability Detector /docs/alerts/100043/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100043/ Swagger/OpenAPI path observed /docs/alerts/200019-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200019-4/ <p>Flags high-value endpoint patterns observed in traffic (admin panels, debug endpoints, consoles, and backup/config file paths).</p> <p>Generated by OWASP PTK DAST Module</p> Tainted dangerous key used in prototype write /docs/alerts/210008-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210008-2/ <p>Tainted data reached a dangerous prototype key write.</p> <p>Generated by OWASP PTK IAST Module</p> Tainted data compiled as AngularJS template /docs/alerts/220004-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220004-2/ <p>Finds AngularJS code patterns where untrusted data is compiled or parsed as AngularJS expressions/templates, including $parse, $interpolate, $compile, interpolation delimiters and ng-* expression attributes.</p> <p>Generated by OWASP PTK SAST Module</p> Tainted data passed to AngularJS $parse /docs/alerts/220004-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220004-1/ <p>Finds AngularJS code patterns where untrusted data is compiled or parsed as AngularJS expressions/templates, including $parse, $interpolate, $compile, interpolation delimiters and ng-* expression attributes.</p> <p>Generated by OWASP PTK SAST Module</p> Tainted network destination URL /docs/alerts/220006-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220006-5/ <p>Detects client-side request destinations for beacon, EventSource, and Axios that can be influenced by attacker-controlled input.</p> <p>Generated by OWASP PTK SAST Module</p> Tainted string executed via setInterval /docs/alerts/210011-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210011-2/ <p>Tainted string passed as the first argument to setInterval(), leading to repeated code execution.</p> <p>Generated by OWASP PTK IAST Module</p> Tainted string executed via setTimeout /docs/alerts/210011-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210011-1/ <p>Tainted string passed as the first argument to setTimeout(), leading to code execution.</p> <p>Generated by OWASP PTK IAST Module</p> Tainted URL assigned to element.href /docs/alerts/210014-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210014-1/ <p>Tainted URL assigned to an element href attribute.</p> <p>Generated by OWASP PTK IAST Module</p> Tainted URL assigned to element.src /docs/alerts/210014-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210014-2/ <p>Tainted URL assigned to a non-script/iframe/src element src attribute.</p> <p>Generated by OWASP PTK IAST Module</p> Tainted URL assigned to form action /docs/alerts/210014-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210014-3/ <p>Tainted URL assigned to a form action attribute.</p> <p>Generated by OWASP PTK IAST Module</p> Tainted URL assigned to formAction /docs/alerts/210014-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210014-4/ <p>Tainted URL assigned to a formAction attribute.</p> <p>Generated by OWASP PTK IAST Module</p> Tainted worker or script loader URL /docs/alerts/220007-8/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220007-8/ <p>Detects dynamic script, worker, and service-worker loader endpoints that can be influenced by attacker-controlled client-side data.</p> <p>Generated by OWASP PTK SAST Module</p> Tech Detection Passive Scanner /docs/alerts/10004/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10004/ <p>The following “Widgets” technology was identified: Example Software.</p> Telerik UI for ASP.NET AJAX Cryptographic Weakness (CVE-2017-9248) /docs/alerts/100021/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100021/ <p>A request has been made that appears to conform to poor cryptography used by Telerik UI for ASP.NET AJAX prior to v2017.2.621. An attacker could manipulate the value of the dp parameter to possibly learn the machine key and upload arbitrary files, which could then lead to the compromise of ASP.NET ViewStates and arbitrary code execution respectively. CVE-2017-9248 has a CVSSv3 score of 9.8.</p> Template injection (taint flow) /docs/alerts/220005-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220005-4/ <p>Detects dynamic client-side template compilation/rendering where attacker-controlled templates or outputs are injected into the DOM.</p> <p>Generated by OWASP PTK SAST Module</p> Template output injected into DOM /docs/alerts/220005-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220005-2/ <p>Detects dynamic client-side template compilation/rendering where attacker-controlled templates or outputs are injected into the DOM.</p> <p>Generated by OWASP PTK SAST Module</p> template.innerHTML with dynamic content /docs/alerts/220000-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220000-5/ <p>Detects cases where untrusted data from the DOM (URL, element values, storage, messages, etc.) flows into HTML/JS execution sinks (e.g., innerHTML, outerHTML, document.write, string-based setTimeout, insertAdjacentHTML) without proper sanitization or encoding \u2014 enabling DOM-based cross-site scripting.</p> <p>Generated by OWASP PTK SAST Module</p> Text4shell (CVE-2022-42889) /docs/alerts/40047/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40047/ <p>Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults.Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded.The application has been shown to initial contact with remote servers via variable interpolation and may well be vulnerable to Remote Code Execution (RCE).</p> Timer-based JS execution sinks /docs/alerts/210011/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210011/ Timestamp Disclosure - Unix /docs/alerts/10096/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10096/ <p>A timestamp was disclosed by the application/web server. - Unix</p> Trace.axd Information Leak /docs/alerts/40029/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40029/ <p>The ASP.NET Trace Viewer (trace.axd) was found to be available. This component can leak a significant amount of valuable information.</p> Unexpected Content-Type was returned /docs/alerts/100001/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100001/ <p>A Content-Type of application/test was returned by the server. This is not one of the types expected to be returned by an API. Raised by the ‘Alert on Unexpected Content Types’ script</p> Untrusted DOM data into createHTMLDocument /docs/alerts/220010-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220010-2/ <p>Detects untrusted DOM data being written into form metadata (formAction/target/method/value/placeholder), inline style surfaces (style/cssText/background*), document.title, history state, or createHTMLDocument — mutations that influence UI/navigation state without covering classic href/src/action sinks already handled elsewhere.</p> <p>Generated by OWASP PTK SAST Module</p> Untrusted DOM data into navigation-adjacent sinks /docs/alerts/220010-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220010-1/ <p>Detects untrusted DOM data being written into form metadata (formAction/target/method/value/placeholder), inline style surfaces (style/cssText/background*), document.title, history state, or createHTMLDocument — mutations that influence UI/navigation state without covering classic href/src/action sinks already handled elsewhere.</p> <p>Generated by OWASP PTK SAST Module</p> Untrusted DOM data into UI mutation sinks /docs/alerts/220010-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220010-3/ <p>Detects untrusted DOM data being written into form metadata (formAction/target/method/value/placeholder), inline style surfaces (style/cssText/background*), document.title, history state, or createHTMLDocument — mutations that influence UI/navigation state without covering classic href/src/action sinks already handled elsewhere.</p> <p>Generated by OWASP PTK SAST Module</p> Upload Form Discovered /docs/alerts/100022/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100022/ <p>The presence of a file upload form can lead to various security vulnerabilities, such as uploading malicious files or overwriting existing files, if proper validation and restrictions are not implemented. This can result in unauthorized code execution, data breaches, or denial of service attacks.</p> Use of SAML /docs/alerts/10070/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10070/ <p><em>Unavailable</em></p> User Agent Fuzzer /docs/alerts/10104/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10104/ <p>Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.</p> User Controllable Charset /docs/alerts/10030/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10030/ <p>This check looks at user-supplied input in query string parameters and POST data to identify where Content-Type or meta tag charset declarations might be user-controlled. Such charset declarations should always be declared by the application. If an attacker can control the response charset, they could manipulate the HTML to perform XSS or other attacks. For example, an attacker controlling the  element charset value is able to declare UTF-7 and is also able to include enough user-controlled payload early in the HTML document to have it interpreted as UTF-7. By encoding their payload with UTF-7 the attacker is able to bypass any server-side XSS protections and embed script in the page.</p> User Controllable HTML Element Attribute (Potential XSS) /docs/alerts/10031/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10031/ <p>This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.</p> User Controllable JavaScript Event (XSS) /docs/alerts/10043/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10043/ <p>This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.</p> Username Hash Found /docs/alerts/10057/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10057/ <p>A hash of a username (admin) was found in the response. This may indicate that the application is subject to an Insecure Direct Object Reference (IDOR) vulnerability. Manual testing will be required to see if this discovery can be abused.</p> Username Hash Found in WebSocket message /docs/alerts/110007/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/110007/ <p>A Example hash of {Example / context: Example} was found in incoming WebSocket message. This may indicate that the application is subject to an Insecure Direct Object Reference (IDOR) vulnerability. Manual testing will be required to see if this discovery can be abused.</p> Verification Request Identified /docs/alerts/10113/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10113/ <p>The given request has been identified as a good candidate for authentication verification. If the request is in a context which has a Verification Strategy set to “Poll” but where the URL is empty then this rule will fill in the correct values.</p> Viewstate /docs/alerts/10032/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10032/ Viewstate without MAC Signature (Sure) /docs/alerts/10032-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10032-5/ <p>This website uses ASP.NET’s Viewstate but without any MAC.</p> Viewstate without MAC Signature (Unsure) /docs/alerts/10032-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10032-4/ <p>This website uses ASP.NET’s Viewstate but maybe without any MAC.</p> Vulnerable JS Library /docs/alerts/10003/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10003/ <p>The identified library appears to be vulnerable.</p> Vulnerable Swagger UI Version Detected /docs/alerts/100043-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100043-1/ <p>This Swagger UI version is known to contain vulnerabilities. Exploitation may allow unauthorized access, XSS, or token theft.</p> <p>Affected versions:</p> <ul> <li>Swagger UI v2 < 2.2.10</li> <li>Swagger UI v3 < 3.24.3</li> </ul> Weak Authentication Method /docs/alerts/10105-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10105-2/ <p>HTTP basic or digest authentication has been used over an unsecured connection. The credentials can be read and then reused by someone with access to the network.</p> Weak Authentication Method /docs/alerts/10105/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10105/ Web Cache Deception /docs/alerts/40039/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40039/ <p>Web cache deception may be possible. It may be possible for unauthorised user to view sensitive data on this page.</p> Web Message Handling /docs/alerts/220008/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220008/ Web Message Injection (taint flow) /docs/alerts/220008-9/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220008-9/ <p>Detects unsafe postMessage usage and message event handling issues (missing origin validation, wildcard targetOrigin, tainted data flowing into DOM/code sinks).</p> <p>Generated by OWASP PTK SAST Module</p> Webpack dev-server / hot reload artifacts /docs/alerts/200009-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200009-3/ <p>Detects source map references and common debug artifacts in observed HTML/JS responses. These are high-value recon leads for code disclosure and hidden endpoints.</p> <p>Generated by OWASP PTK DAST Module</p> Wildcard reply from message handler /docs/alerts/220008-8/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/220008-8/ <p>Detects unsafe postMessage usage and message event handling issues (missing origin validation, wildcard targetOrigin, tainted data flowing into DOM/code sinks).</p> <p>Generated by OWASP PTK SAST Module</p> window.open redirect from tainted source /docs/alerts/210019-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210019-4/ <p>Tainted value passed to window.open.</p> <p>Generated by OWASP PTK IAST Module</p> window.postMessage misuse /docs/alerts/210010/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210010/ ws:// from HTTPS context /docs/alerts/200008/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200008/ <p>Looks for common WebSocket endpoints and insecure patterns such as ws:// from HTTPS pages.</p> <p>Generated by OWASP PTK DAST Module</p> WSDL File Detection /docs/alerts/90030/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90030/ <p>A WSDL File has been detected.</p> X-AspNet-Version Response Header /docs/alerts/10061/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10061/ <p>Server leaks information via “X-AspNet-Version”/“X-AspNetMvc-Version” HTTP response header field(s).</p> X-Backend-Server Header Information Leak /docs/alerts/10039/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10039/ <p>The server is leaking information pertaining to backend systems (such as hostnames or IP addresses). Armed with this information an attacker may be able to attack other systems or more directly/efficiently attack those systems.</p> X-ChromeLogger-Data (XCOLD) Header Information Leak /docs/alerts/10052/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10052/ <p>The server is leaking information through the X-ChromeLogger-Data (or X-ChromePhp-Data) response header. The content of such headers can be customized by the developer, however it is not uncommon to find: server file system locations, vhost declarations, etc.</p> X-Content-Type-Options Header Missing /docs/alerts/10021/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10021/ <p>The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ’nosniff’. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.</p> X-Debug-Token Information Leak /docs/alerts/10056/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10056/ <p>The response contained an X-Debug-Token or X-Debug-Token-Link header. This indicates that Symfony’s Profiler may be in use and exposing sensitive data.</p> X-Frame-Options Defined via META (Non-compliant with Spec) /docs/alerts/10020-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10020-3/ <p>An X-Frame-Options (XFO) META tag was found, defining XFO via a META tag is explicitly not supported by the spec (RFC 7034).</p> X-Frame-Options Setting Malformed /docs/alerts/10020-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10020-4/ <p>An X-Frame-Options header was present in the response but the value was not correctly set.</p> X-Powered-By header or equivalent present /docs/alerts/200005-8/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200005-8/ <p>The OWASP Secure Headers Project describes HTTP response headers that your application can use to increase the security of your application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities.</p> <p>Generated by OWASP PTK DAST Module</p> X-XSS-Protection header is a legacy directive /docs/alerts/200005-11/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200005-11/ <p>The OWASP Secure Headers Project describes HTTP response headers that your application can use to increase the security of your application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities.</p> <p>Generated by OWASP PTK DAST Module</p> XML External Entity Attack /docs/alerts/90023/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90023/ <p>This technique takes advantage of a feature of XML to build documents dynamically at the time of processing. An XML message can either provide data explicitly or by pointing to an URI where the data exists. In the attack technique, external entities may replace the entity value with malicious data, alternate referrals or may compromise the security of the data the server/XML application has access to. Attackers may also use External Entities to have the web services server download malicious code or content to the server for use in secondary or follow on attacks.</p> XPath Injection /docs/alerts/90021/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90021/ <p>XPath Injection is an attack technique used to exploit applications that construct XPath (XML Path Language) queries from user-supplied input to query or navigate XML documents. It can be used directly by an application to query an XML document, as part of a larger operation such as applying an XSLT transformation to an XML document, or applying an XQuery to an XML document. The syntax of XPath bears some resemblance to an SQL query, and indeed, it is possible to form SQL-like queries on an XML document using XPath.</p> XSLT Injection /docs/alerts/90017/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90017/ <p>Injection using XSL transformations may be possible, and may allow an attacker to read system information, read and write files, or execute arbitrary code.</p> XSS - attribute context img onerror /docs/alerts/200002-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200002-6/ <p>Reflected Cross-site Scripting (XSS) is another name for non-persistent XSS, where the attack doesn’t load with the vulnerable web application but is originated by the victim loading the offending URI. In this article we will see some ways to test a web application for this kind of vulnerability.</p> XSS - attribute-name event injection /docs/alerts/200002-17/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200002-17/ <p>Reflected Cross-site Scripting (XSS) is another name for non-persistent XSS, where the attack doesn’t load with the vulnerable web application but is originated by the victim loading the offending URI. In this article we will see some ways to test a web application for this kind of vulnerability.</p> XSS - double-quoted attribute event injection /docs/alerts/200002-14/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200002-14/ <p>Reflected Cross-site Scripting (XSS) is another name for non-persistent XSS, where the attack doesn’t load with the vulnerable web application but is originated by the victim loading the offending URI. In this article we will see some ways to test a web application for this kind of vulnerability.</p> XSS - Img onerror /docs/alerts/200002-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200002-4/ <p>Reflected Cross-site Scripting (XSS) is another name for non-persistent XSS, where the attack doesn’t load with the vulnerable web application but is originated by the victim loading the offending URI. In this article we will see some ways to test a web application for this kind of vulnerability.</p> XSS - Img onerror /docs/alerts/200002-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200002-5/ <p>Reflected Cross-site Scripting (XSS) is another name for non-persistent XSS, where the attack doesn’t load with the vulnerable web application but is originated by the victim loading the offending URI. In this article we will see some ways to test a web application for this kind of vulnerability.</p> XSS - JS block comment break-out /docs/alerts/200002-13/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200002-13/ <p>Reflected Cross-site Scripting (XSS) is another name for non-persistent XSS, where the attack doesn’t load with the vulnerable web application but is originated by the victim loading the offending URI. In this article we will see some ways to test a web application for this kind of vulnerability.</p> XSS - JS expression replacement /docs/alerts/200002-10/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200002-10/ <p>Reflected Cross-site Scripting (XSS) is another name for non-persistent XSS, where the attack doesn’t load with the vulnerable web application but is originated by the victim loading the offending URI. In this article we will see some ways to test a web application for this kind of vulnerability.</p> XSS - JS single-quoted string break-out /docs/alerts/200002-11/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200002-11/ <p>Reflected Cross-site Scripting (XSS) is another name for non-persistent XSS, where the attack doesn’t load with the vulnerable web application but is originated by the victim loading the offending URI. In this article we will see some ways to test a web application for this kind of vulnerability.</p> XSS - JS slash/regex literal break-out /docs/alerts/200002-12/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200002-12/ <p>Reflected Cross-site Scripting (XSS) is another name for non-persistent XSS, where the attack doesn’t load with the vulnerable web application but is originated by the victim loading the offending URI. In this article we will see some ways to test a web application for this kind of vulnerability.</p> XSS - JS string break-out /docs/alerts/200002-8/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200002-8/ <p>Reflected Cross-site Scripting (XSS) is another name for non-persistent XSS, where the attack doesn’t load with the vulnerable web application but is originated by the victim loading the offending URI. In this article we will see some ways to test a web application for this kind of vulnerability.</p> XSS - JS template literal break-out /docs/alerts/200002-9/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200002-9/ <p>Reflected Cross-site Scripting (XSS) is another name for non-persistent XSS, where the attack doesn’t load with the vulnerable web application but is originated by the victim loading the offending URI. In this article we will see some ways to test a web application for this kind of vulnerability.</p> XSS - Script tag after noscript tag /docs/alerts/200002-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200002-2/ <p>Reflected Cross-site Scripting (XSS) is another name for non-persistent XSS, where the attack doesn’t load with the vulnerable web application but is originated by the victim loading the offending URI. In this article we will see some ways to test a web application for this kind of vulnerability.</p> XSS - single-quoted attribute event injection /docs/alerts/200002-15/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200002-15/ <p>Reflected Cross-site Scripting (XSS) is another name for non-persistent XSS, where the attack doesn’t load with the vulnerable web application but is originated by the victim loading the offending URI. In this article we will see some ways to test a web application for this kind of vulnerability.</p> XSS - SVG onload polyglot /docs/alerts/200002-7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200002-7/ <p>Reflected Cross-site Scripting (XSS) is another name for non-persistent XSS, where the attack doesn’t load with the vulnerable web application but is originated by the victim loading the offending URI. In this article we will see some ways to test a web application for this kind of vulnerability.</p> XSS - Svg tag with animation event /docs/alerts/200002-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200002-3/ <p>Reflected Cross-site Scripting (XSS) is another name for non-persistent XSS, where the attack doesn’t load with the vulnerable web application but is originated by the victim loading the offending URI. In this article we will see some ways to test a web application for this kind of vulnerability.</p> XSS - tag-name SVG onload injection /docs/alerts/200002-18/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200002-18/ <p>Reflected Cross-site Scripting (XSS) is another name for non-persistent XSS, where the attack doesn’t load with the vulnerable web application but is originated by the victim loading the offending URI. In this article we will see some ways to test a web application for this kind of vulnerability.</p> XSS - Unfiltered <script> tag /docs/alerts/200002-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200002-1/ <p>Reflected Cross-site Scripting (XSS) is another name for non-persistent XSS, where the attack doesn’t load with the vulnerable web application but is originated by the victim loading the offending URI. In this article we will see some ways to test a web application for this kind of vulnerability.</p> XSS - unquoted attribute event injection /docs/alerts/200002-16/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200002-16/ <p>Reflected Cross-site Scripting (XSS) is another name for non-persistent XSS, where the attack doesn’t load with the vulnerable web application but is originated by the victim loading the offending URI. In this article we will see some ways to test a web application for this kind of vulnerability.</p> ZAP is Out of Date /docs/alerts/10116/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10116/ <p>The version of ZAP you are using to test your app is out of date and is no longer being updated. The risk level is set based on how out of date your ZAP version is.</p>