diff --git a/results/aHR0cHM6Ly9jYXNzaW9wZWUuZmFibnVtLmZyLw==/zap.json b/results/aHR0cHM6Ly9jYXNzaW9wZWUuZmFibnVtLmZyLw==/zap.json
index 135fecbeab0..f86116fcd22 100644
--- a/results/aHR0cHM6Ly9jYXNzaW9wZWUuZmFibnVtLmZyLw==/zap.json
+++ b/results/aHR0cHM6Ly9jYXNzaW9wZWUuZmFibnVtLmZyLw==/zap.json
@@ -1,6 +1,6 @@
{
"@version": "2.11.1",
- "@generated": "Sun, 24 Apr 2022 10:11:39",
+ "@generated": "Sun, 1 May 2022 10:24:05",
"site":[
{
"@name": "https://cassiopee.fabnum.fr",
@@ -41,6 +41,32 @@
"wascid": "15",
"sourceid": "1"
},
+ {
+ "pluginid": "10110",
+ "alertRef": "10110",
+ "alert": "Dangerous JS Functions",
+ "name": "Dangerous JS Functions",
+ "riskcode": "1",
+ "confidence": "1",
+ "riskdesc": "Low (Low)",
+ "desc": "A dangerous JS function seems to be in use that would leave the site vulnerable.
",
+ "instances":[
+ {
+ "uri": "https://cassiopee.fabnum.fr/_nuxt/9690f2e.js",
+ "method": "GET",
+ "param": "",
+ "attack": "",
+ "evidence": "eval"
+ }
+ ],
+ "count": "1",
+ "solution": "See the references for security advice on the use of these functions.
",
+ "otherinfo": "",
+ "reference": "https://angular.io/guide/security
",
+ "cweid": "749",
+ "wascid": "-1",
+ "sourceid": "29"
+ },
{
"pluginid": "10063",
"alertRef": "10063",
@@ -72,6 +98,13 @@
"attack": "",
"evidence": ""
},
+ {
+ "uri": "https://cassiopee.fabnum.fr/_nuxt/9690f2e.js",
+ "method": "GET",
+ "param": "",
+ "attack": "",
+ "evidence": ""
+ },
{
"uri": "https://cassiopee.fabnum.fr/_nuxt/bc5fbea.js",
"method": "GET",
@@ -87,7 +120,7 @@
"evidence": ""
}
],
- "count": "5",
+ "count": "6",
"solution": "Ensure that your web server, application server, load balancer, etc. is configured to set the Permissions-Policy header.
",
"otherinfo": "",
"reference": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy
https://developers.google.com/web/updates/2018/06/feature-policy
https://scotthelme.co.uk/a-new-security-header-feature-policy/
https://w3c.github.io/webappsec-feature-policy/
https://www.smashingmagazine.com/2018/12/feature-policy/
",
@@ -256,7 +289,7 @@
"evidence": ""
},
{
- "uri": "https://cassiopee.fabnum.fr/_nuxt/4970446.js",
+ "uri": "https://cassiopee.fabnum.fr/_nuxt/9690f2e.js",
"method": "GET",
"param": "X-Content-Type-Options",
"attack": "",
@@ -330,6 +363,13 @@
"attack": "",
"evidence": "fe6-3IUYA7pcDxZFJMNNa9n0H7ED/EA"
},
+ {
+ "uri": "https://cassiopee.fabnum.fr/_nuxt/9690f2e.js",
+ "method": "GET",
+ "param": "",
+ "attack": "",
+ "evidence": "UklGRiQAAABXRUJQVlA4IBgAAAAwAQCdASoBAAEAAwA0JaQAA3AA/vuUAAA="
+ },
{
"uri": "https://cassiopee.fabnum.fr/sitemap.xml",
"method": "GET",
@@ -338,7 +378,7 @@
"evidence": "fe6-3IUYA7pcDxZFJMNNa9n0H7ED/EA"
}
],
- "count": "2",
+ "count": "3",
"solution": "Manually confirm that the Base64 data does not leak sensitive information, and that the data cannot be aggregated/used to exploit other vulnerabilities.
",
"otherinfo": "}\uFFFD\u0705\\x0018\\x0003\uFFFD\\\\x000f\\x0016E$\uFFFDMk\uFFFD\uFFFD\\x001f\uFFFD\\x0003\uFFFD@
",
"reference": "http://projects.webappsec.org/w/page/13246936/Information%20Leakage
",
@@ -369,9 +409,16 @@
"param": "",
"attack": "",
"evidence": "query"
+ },
+ {
+ "uri": "https://cassiopee.fabnum.fr/_nuxt/9690f2e.js",
+ "method": "GET",
+ "param": "",
+ "attack": "",
+ "evidence": "bug"
}
],
- "count": "2",
+ "count": "3",
"solution": "Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.
",
"otherinfo": "The following pattern was used: \\bQUERY\\b and was detected in the element starting with: \"(window.webpackJsonp=window.webpackJsonp||[]).push([[5],[,,,,,,function(t,e,n){\"use strict\";n.r(e),function(t,n){var r=Object.fr\", see evidence field for the suspicious comment/snippet.
",
"reference": "",
@@ -443,7 +490,7 @@
"reference": "https://tools.ietf.org/html/rfc7234
https://tools.ietf.org/html/rfc7231
http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html (obsoleted by rfc7234)
",
"cweid": "524",
"wascid": "13",
- "sourceid": "6"
+ "sourceid": "7"
},
{
"pluginid": "10015",