ZAP Scanning Report

Generated with ZAP on Wed 14 Jun 2023, at 11:19:01

ZAP Version: 2.12.0

Contents

About this report

Report parameters

Contexts

No contexts were selected, so all contexts were included by default.

Sites

The following sites were included:

  • http://68.183.67.32:8080

(If no sites were selected, all sites were included by default.)

An included site must also be within one of the included contexts for its data to be included in the report.

Risk levels

Included: High, Medium, Low, Informational

Excluded: None

Confidence levels

Included: User Confirmed, High, Medium, Low

Excluded: User Confirmed, High, Medium, Low, False Positive

Summaries

Alert counts by risk and confidence

This table shows the number of alerts for each level of risk and confidence included in the report.

(The percentages in brackets represent the count as a percentage of the total number of alerts included in the report, rounded to one decimal place.)
Confidence
User Confirmed High Medium Low Total
Risk High 0
(0.0%)		 0
(0.0%)		 0
(0.0%)		 0
(0.0%)		 0
(0.0%)
Medium 0
(0.0%)		 1
(16.7%)		 0
(0.0%)		 1
(16.7%)		 2
(33.3%)
Low 0
(0.0%)		 0
(0.0%)		 2
(33.3%)		 0
(0.0%)		 2
(33.3%)
Informational 0
(0.0%)		 0
(0.0%)		 1
(16.7%)		 1
(16.7%)		 2
(33.3%)
Total 0
(0.0%)		 1
(16.7%)		 3
(50.0%)		 2
(33.3%)		 6
(100%)

Alert counts by site and risk

This table shows, for each site for which one or more alerts were raised, the number of alerts raised at each risk level.

Alerts with a confidence level of "False Positive" have been excluded from these counts.

(The numbers in brackets are the number of alerts raised for the site at or above that risk level.)
Risk
High
(= High) 		Medium
(>= Medium) 		Low
(>= Low) 		Informational
(>= Informational)
Site http://68.183.67.32:8080 0
(0)		 2
(2)		 2
(4)		 2
(6)

Alert counts by alert type

This table shows the number of alerts of each alert type, together with the alert type's risk level.

(The percentages in brackets represent each count as a percentage, rounded to one decimal place, of the total number of alerts included in this report.)
Alert type Risk Count
Absence of Anti-CSRF Tokens Medium 5
(83.3%)
Content Security Policy (CSP) Header Not Set Medium 5
(83.3%)
Cookie No HttpOnly Flag Low 1
(16.7%)
Cookie without SameSite Attribute Low 1
(16.7%)
User Agent Fuzzer Informational 98
(1,633.3%)
User Controllable HTML Element Attribute (Potential XSS) Informational 5
(83.3%)
Total 6

Alerts

  1. Risk=Medium, Confidence=High (1)

    1. http://68.183.67.32:8080 (1)

      1. Content Security Policy (CSP) Header Not Set (1)
        1. GET http://68.183.67.32:8080/WebGoat
          Alert tags
          Alert description

          Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
          Request
          Request line and header section (211 bytes) 
          GET http://68.183.67.32:8080/WebGoat HTTP/1.1
Host: 68.183.67.32:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Pragma: no-cache
Cache-Control: no-cache
          Request body (0 bytes)
          Response
          Status line and header section (241 bytes) 
          HTTP/1.1 200 OK
Connection: keep-alive
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Content-Type: text/html;charset=UTF-8
Content-Language: en-
Date: Wed, 14 Jun 2023 09:13:11 GMT
Content-Length: 1916
          Response body (1916 bytes) 
          <!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title>Login Page</title>
    <link rel="shortcut icon" href="/WebGoat/css/img/favicon.ico" type="image/x-icon"/>
    <link rel="stylesheet" type="text/css" href="/WebGoat/css/main.css"/>
    <link rel="stylesheet" type="text/css" href="/WebGoat/plugins/bootstrap/css/bootstrap.min.css"/>
    <link rel="stylesheet" type="text/css" href="/WebGoat/css/font-awesome.min.css"/>
    <link rel="stylesheet" type="text/css" href="/WebGoat/css/animate.css"/>
</head>
<body>
<section id="container">
    <header id="header">
        <div class="brand">
            <a href="/WebGoat/start.mvc" class="logo"><span>Web</span>Goat</a>
        </div>
        <div class="lessonTitle">
        </div>

    </header>
    <section class="main-content-wrapper">

        <section id="main-content">
            
            
            <br/><br/>
            <form action="/WebGoat/login" method='POST' style="width: 200px;">
                <div class="form-group">
                    <label for="exampleInputEmail1">Username</label>
                    <input autofocus="dummy_for_thymeleaf_parser" type="text" class="form-control"
                           id="exampleInputEmail1" placeholder="Username" name='username' />
                </div>
                <div class="form-group">
                    <label for="exampleInputPassword1">Password</label>
                    <input type="password" class="form-control" id="exampleInputPassword1" placeholder="Password"
                           name='password' />
                </div>
                <button class="btn btn-primary btn-block" type="submit">Sign in</button>
                <div class="text-center"><a href="/WebGoat/registration">or register yourself as a new user</a></div>
            </form>
            <br/><br/>
        </section>
    </section>
</section>


</body>
</html>
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.

  2. Risk=Medium, Confidence=Low (1)

    1. http://68.183.67.32:8080 (1)

      1. Absence of Anti-CSRF Tokens (1)
        1. GET http://68.183.67.32:8080/WebGoat
          Alert tags
          Alert description

          No Anti-CSRF tokens were found in a HTML submission form.

          A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

          CSRF attacks are effective in a number of situations, including:

          * The victim has an active session on the target site.

          * The victim is authenticated via HTTP auth on the target site.

          * The victim is on the same local network as the target site.

          CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.
          Other info

          No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "exampleInputEmail1" "exampleInputPassword1" ].
          Request
          Request line and header section (211 bytes) 
          GET http://68.183.67.32:8080/WebGoat HTTP/1.1
Host: 68.183.67.32:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Pragma: no-cache
Cache-Control: no-cache
          Request body (0 bytes)
          Response
          Status line and header section (241 bytes) 
          HTTP/1.1 200 OK
Connection: keep-alive
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Content-Type: text/html;charset=UTF-8
Content-Language: en-
Date: Wed, 14 Jun 2023 09:13:11 GMT
Content-Length: 1916
          Response body (1916 bytes) 
          <!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title>Login Page</title>
    <link rel="shortcut icon" href="/WebGoat/css/img/favicon.ico" type="image/x-icon"/>
    <link rel="stylesheet" type="text/css" href="/WebGoat/css/main.css"/>
    <link rel="stylesheet" type="text/css" href="/WebGoat/plugins/bootstrap/css/bootstrap.min.css"/>
    <link rel="stylesheet" type="text/css" href="/WebGoat/css/font-awesome.min.css"/>
    <link rel="stylesheet" type="text/css" href="/WebGoat/css/animate.css"/>
</head>
<body>
<section id="container">
    <header id="header">
        <div class="brand">
            <a href="/WebGoat/start.mvc" class="logo"><span>Web</span>Goat</a>
        </div>
        <div class="lessonTitle">
        </div>

    </header>
    <section class="main-content-wrapper">

        <section id="main-content">
            
            
            <br/><br/>
            <form action="/WebGoat/login" method='POST' style="width: 200px;">
                <div class="form-group">
                    <label for="exampleInputEmail1">Username</label>
                    <input autofocus="dummy_for_thymeleaf_parser" type="text" class="form-control"
                           id="exampleInputEmail1" placeholder="Username" name='username' />
                </div>
                <div class="form-group">
                    <label for="exampleInputPassword1">Password</label>
                    <input type="password" class="form-control" id="exampleInputPassword1" placeholder="Password"
                           name='password' />
                </div>
                <button class="btn btn-primary btn-block" type="submit">Sign in</button>
                <div class="text-center"><a href="/WebGoat/registration">or register yourself as a new user</a></div>
            </form>
            <br/><br/>
        </section>
    </section>
</section>


</body>
</html>
          Evidence 
          <form action="/WebGoat/login" method='POST' style="width: 200px;">
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

          For example, use anti-CSRF packages such as the OWASP CSRFGuard.

          Phase: Implementation

          Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

          Phase: Architecture and Design

          Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

          Note that this can be bypassed using XSS.

          Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

          Note that this can be bypassed using XSS.

          Use the ESAPI Session Management control.

          This control includes a component for CSRF.

          Do not use the GET method for any request that triggers a state change.

          Phase: Implementation

          Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

  3. Risk=Low, Confidence=Medium (2)

    1. http://68.183.67.32:8080 (2)

      1. Cookie No HttpOnly Flag (1)
        1. GET http://68.183.67.32:8080/WebGoat/
          Alert tags
          Alert description

          A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.
          Request
          Request line and header section (255 bytes) 
          GET http://68.183.67.32:8080/WebGoat/ HTTP/1.1
Host: 68.183.67.32:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://68.183.67.32:8080/WebGoat
          Request body (0 bytes)
          Response
          Status line and header section (309 bytes) 
          HTTP/1.1 302 Found
Connection: keep-alive
Set-Cookie: JSESSIONID=POwneQif5G3Orrmzx5KawWBkqfOrCLrrXGvgwJTP; path=/WebGoat
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Location: http://68.183.67.32:8080/WebGoat/login
Content-Length: 0
Date: Wed, 14 Jun 2023 09:13:11 GMT
          Response body (0 bytes)
          Parameter 
          JSESSIONID
          Evidence 
          Set-Cookie: JSESSIONID
          Solution

          Ensure that the HttpOnly flag is set for all cookies.
      2. Cookie without SameSite Attribute (1)
        1. GET http://68.183.67.32:8080/WebGoat/
          Alert tags
          Alert description

          A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.
          Request
          Request line and header section (255 bytes) 
          GET http://68.183.67.32:8080/WebGoat/ HTTP/1.1
Host: 68.183.67.32:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://68.183.67.32:8080/WebGoat
          Request body (0 bytes)
          Response
          Status line and header section (309 bytes) 
          HTTP/1.1 302 Found
Connection: keep-alive
Set-Cookie: JSESSIONID=POwneQif5G3Orrmzx5KawWBkqfOrCLrrXGvgwJTP; path=/WebGoat
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Location: http://68.183.67.32:8080/WebGoat/login
Content-Length: 0
Date: Wed, 14 Jun 2023 09:13:11 GMT
          Response body (0 bytes)
          Parameter 
          JSESSIONID
          Evidence 
          Set-Cookie: JSESSIONID
          Solution

          Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.

  4. Risk=Informational, Confidence=Medium (1)

    1. http://68.183.67.32:8080 (1)

      1. User Agent Fuzzer (1)
        1. POST http://68.183.67.32:8080/WebGoat/login
          Alert tags
          Alert description

          Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.
          Request
          Request line and header section (367 bytes) 
          POST http://68.183.67.32:8080/WebGoat/login HTTP/1.1
Host: 68.183.67.32:8080
user-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://68.183.67.32:8080/WebGoat/login
Content-Length: 25
Cookie: JSESSIONID=POwneQif5G3Orrmzx5KawWBkqfOrCLrrXGvgwJTP
          Request body (25 bytes) 
          username=ZAP&password=ZAP
          Response
          Status line and header section (241 bytes) 
          HTTP/1.1 200 OK
Connection: keep-alive
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Content-Type: text/html;charset=UTF-8
Content-Language: en-
Date: Wed, 14 Jun 2023 09:17:07 GMT
Content-Length: 1994
          Response body (1994 bytes) 
          <!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title>Login Page</title>
    <link rel="shortcut icon" href="/WebGoat/css/img/favicon.ico" type="image/x-icon"/>
    <link rel="stylesheet" type="text/css" href="/WebGoat/css/main.css"/>
    <link rel="stylesheet" type="text/css" href="/WebGoat/plugins/bootstrap/css/bootstrap.min.css"/>
    <link rel="stylesheet" type="text/css" href="/WebGoat/css/font-awesome.min.css"/>
    <link rel="stylesheet" type="text/css" href="/WebGoat/css/animate.css"/>
</head>
<body>
<section id="container">
    <header id="header">
        <div class="brand">
            <a href="/WebGoat/start.mvc" class="logo"><span>Web</span>Goat</a>
        </div>
        <div class="lessonTitle">
        </div>

    </header>
    <section class="main-content-wrapper">

        <section id="main-content">
            <div>
                <p>Invalid username and password.</p>
            </div>
            
            <br/><br/>
            <form action="/WebGoat/login" method='POST' style="width: 200px;">
                <div class="form-group">
                    <label for="exampleInputEmail1">Username</label>
                    <input autofocus="dummy_for_thymeleaf_parser" type="text" class="form-control"
                           id="exampleInputEmail1" placeholder="Username" name='username' />
                </div>
                <div class="form-group">
                    <label for="exampleInputPassword1">Password</label>
                    <input type="password" class="form-control" id="exampleInputPassword1" placeholder="Password"
                           name='password' />
                </div>
                <button class="btn btn-primary btn-block" type="submit">Sign in</button>
                <div class="text-center"><a href="/WebGoat/registration">or register yourself as a new user</a></div>
            </form>
            <br/><br/>
        </section>
    </section>
</section>


</body>
</html>
          Parameter 
          Header User-Agent
          Attack 
          Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)

  5. Risk=Informational, Confidence=Low (1)

    1. http://68.183.67.32:8080 (1)

      1. User Controllable HTML Element Attribute (Potential XSS) (1)
        1. POST http://68.183.67.32:8080/WebGoat/register.mvc
          Alert tags
          Alert description

          This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.
          Other info

          User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:

          http://68.183.67.32:8080/WebGoat/register.mvc

          appears to include user input in:

          a(n) [input] tag [value] attribute

          The user input found was:

          matchingPassword=ZAP

          The user-controlled value was:

          zap
          Request
          Request line and header section (411 bytes) 
          POST http://68.183.67.32:8080/WebGoat/register.mvc HTTP/1.1
Host: 68.183.67.32:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://68.183.67.32:8080/WebGoat/registration
Content-Length: 58
Cookie: JSESSIONID=POwneQif5G3Orrmzx5KawWBkqfOrCLrrXGvgwJTP
          Request body (58 bytes) 
          username=ZAP&password=ZAP&matchingPassword=ZAP&agree=agree
          Response
          Status line and header section (241 bytes) 
          HTTP/1.1 200 OK
Connection: keep-alive
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Content-Type: text/html;charset=UTF-8
Content-Language: en-
Date: Wed, 14 Jun 2023 09:13:12 GMT
Content-Length: 4410
          Response body (4410 bytes) 
          <!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title>Login Page</title>
    <link rel="stylesheet" type="text/css" href="/WebGoat/css/main.css"/>
    <link rel="stylesheet" type="text/css" href="/WebGoat/plugins/bootstrap/css/bootstrap.min.css"/>
    <link rel="stylesheet" type="text/css" href="/WebGoat/css/font-awesome.min.css"/>
    <link rel="stylesheet" type="text/css" href="/WebGoat/css/animate.css"/>
</head>
<body>
<section id="container">
    <header id="header">
        <div class="brand">
            <a href="/WebGoat/start.mvc" class="logo"><span>Web</span>Goat</a>
        </div>
        <div class="lessonTitle">
        </div>

    </header>
    <section class="main-content-wrapper">

        <section id="main-content">
            <br/><br/>
            <fieldset>
                <legend>Register </legend>
                <form class="form-horizontal" action="/WebGoat/register.mvc" method='POST'>

                    <div class="form-group has-error">
                        <label for="username" class="col-sm-2 control-label">Username</label>
                        <div class="col-sm-4">
                            <input autofocus="dummy_for_thymeleaf_parser" type="text" class="form-control"
                                   id="username" placeholder="Username" name='username' value="ZAP"/>
                        </div>
                        <span>size must be between 6 and 45<br />can only contain lowercase letters, digits, and -</span>
                    </div>
                    <div class="form-group has-error">
                        <label for="password" class="col-sm-2 control-label">Password</label>
                        <div class="col-sm-4">
                            <input type="password" class="form-control" id="password" placeholder="Password"
                                   name='password' value="ZAP"/>
                        </div>
                        <span>size must be between 6 and 10</span>
                    </div>
                    <div class="form-group has-error">
                        <label for="matchingPassword" class="col-sm-2 control-label">Confirm password</label>
                        <div class="col-sm-4">
                            <input type="password" class="form-control" id="matchingPassword" placeholder="Password"
                                   name='matchingPassword' value="ZAP"/>
                        </div>
                        <span>size must be between 6 and 10</span>

                    </div>

                    <div class="form-group">
                        <label class="col-sm-2 control-label">Terms of use</label>
                        <div class="col-sm-6">
                            <div style="border: 1px solid #e5e5e5; height: 200px; overflow: auto; padding: 10px;">
                                <p >While running this program your machine will be extremely vulnerable to attack.You should disconnect from the Internet while using this program. WebGoat&#39;s default configuration binds to localhost to minimize the exposure. </p>
                                <p>This program is for educational purposes only. If you attempt these techniques without authorization, you are very likely to get caught. If you are caught engaging in unauthorized hacking, most companies will fire you. Claiming that you were doing security research will not work as that is the first thing that all hackers claim.</p>
                            </div>
                        </div>
                    </div>

                    <div class="form-group">
                        <div class="col-sm-6 col-sm-offset-2">
                            <div class="checkbox">
                                <label>
                                    <input type="checkbox" name="agree" value="agree"/><p>Agree with the terms and conditions</p>
                                </label>
                            </div>
                        </div>
                    </div>

                    <div class="form-group">
                        <div class="col-sm-offset-2 col-sm-6">
                            <button type="submit" class="btn btn-primary">Sign up</button>
                        </div>
                    </div>
                </form>
            </fieldset>
        </section>
    </section>
</section>


</body>
</html>
          Parameter 
          matchingPassword
          Solution

          Validate all input and sanitize output it before writing to any HTML attributes.

Appendix

Alert types

This section contains additional information on the types of alerts in the report.

  1. Absence of Anti-CSRF Tokens

    Source raised by a passive scanner (Absence of Anti-CSRF Tokens)
    CWE ID 352
    WASC ID 9
    Reference
    1. http://projects.webappsec.org/Cross-Site-Request-Forgery
    2. http://cwe.mitre.org/data/definitions/352.html

  2. Content Security Policy (CSP) Header Not Set

    Source raised by a passive scanner (Content Security Policy (CSP) Header Not Set)
    CWE ID 693
    WASC ID 15
    Reference
    1. https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy
    2. https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
    3. http://www.w3.org/TR/CSP/
    4. http://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.html
    5. http://www.html5rocks.com/en/tutorials/security/content-security-policy/
    6. http://caniuse.com/#feat=contentsecuritypolicy
    7. http://content-security-policy.com/

  3. Cookie No HttpOnly Flag

    Source raised by a passive scanner (Cookie No HttpOnly Flag)
    CWE ID 1004
    WASC ID 13
    Reference
    1. https://owasp.org/www-community/HttpOnly

  4. Cookie without SameSite Attribute

    Source raised by a passive scanner (Cookie without SameSite Attribute)
    CWE ID 1275
    WASC ID 13
    Reference
    1. https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site

  5. User Agent Fuzzer

    Source raised by an active scanner (User Agent Fuzzer)
    Reference
    1. https://owasp.org/wstg

  6. User Controllable HTML Element Attribute (Potential XSS)

    Source raised by a passive scanner (User Controllable HTML Element Attribute (Potential XSS))
    CWE ID 20
    WASC ID 20
    Reference
    1. http://websecuritytool.codeplex.com/wikipage?title=Checks#user-controlled-html-attribute