diff --git a/alerttags/index.html b/alerttags/index.html index a0ba3f498c..b2d62c00f1 100644 --- a/alerttags/index.html +++ b/alerttags/index.html @@ -673,6 +673,48 @@

Alert Tags

+ + POLICY_API + + + + + + POLICY_DEV_CICD + + + + + + POLICY_DEV_FULL + + + + + + POLICY_DEV_STD + + + + + + POLICY_QA_FULL + + + + + + POLICY_QA_STD + + + + + + POLICY_SEQUENCE + + + + TEST_TIMING diff --git a/alerttags/index.xml b/alerttags/index.xml index e6aa904068..6df3a2344a 100644 --- a/alerttags/index.xml +++ b/alerttags/index.xml @@ -630,6 +630,55 @@ /alerttags/owasp_2021_a10/ + + POLICY_API + /alerttags/policy_api/ + Mon, 01 Jan 0001 00:00:00 +0000 + /alerttags/policy_api/ + + + + POLICY_DEV_CICD + /alerttags/policy_dev_cicd/ + Mon, 01 Jan 0001 00:00:00 +0000 + /alerttags/policy_dev_cicd/ + + + + POLICY_DEV_FULL + /alerttags/policy_dev_full/ + Mon, 01 Jan 0001 00:00:00 +0000 + /alerttags/policy_dev_full/ + + + + POLICY_DEV_STD + /alerttags/policy_dev_std/ + Mon, 01 Jan 0001 00:00:00 +0000 + /alerttags/policy_dev_std/ + + + + POLICY_QA_FULL + /alerttags/policy_qa_full/ + Mon, 01 Jan 0001 00:00:00 +0000 + /alerttags/policy_qa_full/ + + + + POLICY_QA_STD + /alerttags/policy_qa_std/ + Mon, 01 Jan 0001 00:00:00 +0000 + /alerttags/policy_qa_std/ + + + + POLICY_SEQUENCE + /alerttags/policy_sequence/ + Mon, 01 Jan 0001 00:00:00 +0000 + /alerttags/policy_sequence/ + + TEST_TIMING /alerttags/test_timing/ diff --git a/alerttags/owasp_2017_a07/index.html b/alerttags/owasp_2017_a07/index.html index 67f69cc6f8..639580f8ce 100644 --- a/alerttags/owasp_2017_a07/index.html +++ b/alerttags/owasp_2017_a07/index.html @@ -157,6 +157,18 @@

Cross Site Scripting (Persistent) - Prime + + + + + + Cross Site Scripting (Persistent) - Spider + + + + Cross Site Scripting (Reflected) diff --git a/alerttags/owasp_2017_a07/index.xml b/alerttags/owasp_2017_a07/index.xml index d21dfea033..a8969712aa 100644 --- a/alerttags/owasp_2017_a07/index.xml +++ b/alerttags/owasp_2017_a07/index.xml @@ -21,6 +21,20 @@ /docs/alerts/40014/ <p>Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user&rsquo;s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user&rsquo;s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.</p> + + Cross Site Scripting (Persistent) - Prime + /docs/alerts/40016/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40016/ + + + + Cross Site Scripting (Persistent) - Spider + /docs/alerts/40017/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40017/ + + Cross Site Scripting (Reflected) /docs/alerts/40012/ 
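Review bot: The two items added to alerttags/owasp_2017_a07/index.xml for /docs/alerts/40016/ and /docs/alerts/40017/ carry no description text, while the neighbouring /docs/alerts/40014/ entry in the same feed has a full `<p>` summary. If the alert pages for "Cross Site Scripting (Persistent) - Prime" and "Cross Site Scripting (Persistent) - Spider" have no summary, add a one-sentence one at the source that says what each scan step does, so feed readers do not get empty entries. The same gap appears in the alerttags/owasp_2021_a03/index.xml hunk.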
diff --git a/alerttags/owasp_2021_a03/index.html b/alerttags/owasp_2021_a03/index.html index 06f9ddc77a..f7fa06c4ef 100644 --- a/alerttags/owasp_2021_a03/index.html +++ b/alerttags/owasp_2021_a03/index.html @@ -181,6 +181,18 @@

https://owasp.org/Top1 + + Cross Site Scripting (Persistent) - Prime + + + + + + Cross Site Scripting (Persistent) - Spider + + + + Cross Site Scripting (Reflected) diff --git a/alerttags/owasp_2021_a03/index.xml b/alerttags/owasp_2021_a03/index.xml index 0e4486837c..caeedfaf10 100644 --- a/alerttags/owasp_2021_a03/index.xml +++ b/alerttags/owasp_2021_a03/index.xml @@ -49,6 +49,20 @@ /docs/alerts/40014/ <p>Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user&rsquo;s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user&rsquo;s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.</p> + + Cross Site Scripting (Persistent) - Prime + /docs/alerts/40016/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40016/ + + + + Cross Site Scripting (Persistent) - Spider + /docs/alerts/40017/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40017/ + + Cross Site Scripting (Reflected) /docs/alerts/40012/ 
diff --git a/alerttags/policy_api/index.html b/alerttags/policy_api/index.html new file mode 100644 index 0000000000..8baca5f272 --- /dev/null +++ b/alerttags/policy_api/index.html @@ -0,0 +1,369 @@ + + + + + + + + + + ZAP – POLICY_API + + + + + + + + + + + + + + + +
+
+ + + +
+
+ +

Alert Tag: POLICY_API

+ +
+
+ + +
+ + + + + + +
+ + diff --git a/alerttags/policy_api/index.xml b/alerttags/policy_api/index.xml new file mode 100644 index 0000000000..ff66b4b811 --- /dev/null +++ b/alerttags/policy_api/index.xml 
@@ -0,0 +1,200 @@ + + + + POLICY_API on ZAP + /alerttags/policy_api/ + Recent content in POLICY_API on ZAP + Hugo + en-us + + + Buffer Overflow + /docs/alerts/30001/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/30001/ + <p>Buffer overflow errors are characterized by the overwriting of memory spaces of the background web process, which should have never been modified intentionally or unintentionally. Overwriting values of the IP (Instruction Pointer), BP (Base Pointer) and other registers causes exceptions, segmentation faults, and other process errors to occur. Usually these errors end execution of the application in an unexpected way.</p> + + + Cloud Metadata Potentially Exposed + /docs/alerts/90034/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90034/ + <p>The Cloud Metadata Attack attempts to abuse a misconfigured NGINX server in order to access the instance metadata maintained by cloud service providers such as AWS, GCP and Azure. All of these providers provide metadata via an internal unroutable IP address &lsquo;169.254.169.254&rsquo; - this can be exposed by incorrectly configured NGINX servers and accessed by using this IP address in the Host header field.</p> + + + CRLF Injection + /docs/alerts/40003/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40003/ + <p>Cookie can be set via CRLF injection. It may also be possible to set arbitrary HTTP response headers. In addition, by carefully crafting the injected response using cross-site script, cache poisoning vulnerability may also exist.</p> + + + Directory Browsing + /docs/alerts/0/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/0/ + <p>It is possible to view the directory listing. Directory listing may reveal hidden scripts, include files, backup source files, etc. 
which can be accessed to read sensitive information.</p> + + + Exponential Entity Expansion (Billion Laughs Attack) + /docs/alerts/40044/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40044/ + <p>An exponential entity expansion, or &ldquo;billion laughs&rdquo; attack is a type of denial-of-service (DoS) attack. It is aimed at parsers of markup languages like XML or YAML that allow macro expansions.</p> + + + Expression Language Injection + /docs/alerts/90025/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90025/ + <p>The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed. In certain versions of Spring 3.0.5 and earlier, there was a vulnerability (CVE-2011-2730) in which Expression Language tags would be evaluated twice, which effectively exposed any application to EL injection. However, even for later versions, this weakness is still possible depending on configuration.</p> + + + External Redirect + /docs/alerts/20019-1/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-1/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. 
URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + External Redirect + /docs/alerts/20019-2/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-2/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + External Redirect + /docs/alerts/20019-3/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-3/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. 
URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + External Redirect + /docs/alerts/20019-4/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-4/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + Format String Error + /docs/alerts/30002/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/30002/ + <p>A Format String error occurs when the submitted data of an input string is evaluated as a command by the application.</p> + + + Integer Overflow Error + /docs/alerts/30003/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/30003/ + <p>An integer overflow condition exists when an integer used in a compiled program extends beyond the range limits and has not been properly checked from the input stream.</p> + + + Parameter Tampering + /docs/alerts/40008/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40008/ + <p>Parameter manipulation caused an error page or Java stack trace to be displayed. 
This indicated lack of exception handling and potential areas for further exploit.</p> + + + Remote File Inclusion + /docs/alerts/7/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/7/ + <p>Remote File Include (RFI) is an attack technique used to exploit &ldquo;dynamic file include&rdquo; mechanisms in web applications. When web applications take user input (URL, parameter value, etc.) and pass them into file include commands, the web application might be tricked into including remote files with malicious code.</p> + + + Remote OS Command Injection + /docs/alerts/90020/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90020/ + <p>Attack technique used for unauthorized execution of operating system commands. This attack is possible when an application accepts untrusted input to build operating system commands in an insecure manner involving improper data sanitization, and/or improper calling of external programs.</p> + + + Server Side Code Injection - ASP Code Injection + /docs/alerts/90019-2/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90019-2/ + <p>A code injection may be possible including custom code that will be evaluated by the scripting engine.</p> + + + Server Side Code Injection - PHP Code Injection + /docs/alerts/90019-1/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90019-1/ + <p>A code injection may be possible including custom code that will be evaluated by the scripting engine.</p> + + + Server Side Include + /docs/alerts/40009/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40009/ + <p>Certain parameters may cause Server Side Include commands to be executed. This may allow database connection or arbitrary code to be executed.</p> + + + Server Side Template Injection + /docs/alerts/90035/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90035/ + <p>When the user input is inserted in the template instead of being used as argument in rendering is evaluated by the template engine. 
Depending on the template engine it can lead to remote code execution.</p> + + + Server Side Template Injection (Blind) + /docs/alerts/90036/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90036/ + <p>When the user input is inserted in the template instead of being used as argument in rendering is evaluated by the template engine. Depending on the template engine it can lead to remote code execution.</p> + + + SOAP Action Spoofing + /docs/alerts/90026/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90026/ + <p>An unintended SOAP operation was executed by the server.</p> + + + SOAP XML Injection + /docs/alerts/90029/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90029/ + <p>Some XML injected code has been interpreted by the server.</p> + + + Spring Actuator Information Leak + /docs/alerts/40042/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40042/ + <p>Spring Actuator for Health is enabled and may reveal sensitive information about this application. Spring Actuators can be used for real monitoring purposes, but should be used with caution as to not expose too much information about the application or the infrastructure running it.</p> + + + SQL Injection + /docs/alerts/40018/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40018/ + <p>SQL injection may be possible.</p> + + + XML External Entity Attack + /docs/alerts/90023/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90023/ + <p>This technique takes advantage of a feature of XML to build documents dynamically at the time of processing. An XML message can either provide data explicitly or by pointing to an URI where the data exists. In the attack technique, external entities may replace the entity value with malicious data, alternate referrals or may compromise the security of the data the server/XML application has access to. 
Attackers may also use External Entities to have the web services server download malicious code or content to the server for use in secondary or follow on attacks.</p> + + + XPath Injection + /docs/alerts/90021/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90021/ + <p>XPath Injection is an attack technique used to exploit applications that construct XPath (XML Path Language) queries from user-supplied input to query or navigate XML documents. It can be used directly by an application to query an XML document, as part of a larger operation such as applying an XSLT transformation to an XML document, or applying an XQuery to an XML document. The syntax of XPath bears some resemblance to an SQL query, and indeed, it is possible to form SQL-like queries on an XML document using XPath.</p> + + + XSLT Injection + /docs/alerts/90017/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90017/ + <p>Injection using XSL transformations may be possible, and may allow an attacker to read system information, read and write files, or execute arbitrary code.</p> + + + diff --git a/alerttags/policy_dev_cicd/index.html b/alerttags/policy_dev_cicd/index.html new file mode 100644 index 0000000000..78ac98bccb --- /dev/null +++ b/alerttags/policy_dev_cicd/index.html @@ -0,0 +1,285 @@ + + + + + + + + + + ZAP – POLICY_DEV_CICD + + + + + + + + + + + + + + + +
+
+ + + +
+
+ +

Alert Tag: POLICY_DEV_CICD

+ +
+
+
+ + + + + + +

POLICY_DEV_CICD

+ + All of the alerts which use this tag: + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TagLink
Cross Site Scripting (Reflected)
External Redirect
External Redirect
External Redirect
External Redirect
Remote OS Command Injection
Server Side Template Injection
SOAP Action Spoofing
SOAP XML Injection
SQL Injection
XML External Entity Attack
XPath Injection
XSLT Injection
+
+
+ +
+ + + + + + +
+ + diff --git a/alerttags/policy_dev_cicd/index.xml b/alerttags/policy_dev_cicd/index.xml new file mode 100644 index 0000000000..b2cd466ccf --- /dev/null +++ b/alerttags/policy_dev_cicd/index.xml 
@@ -0,0 +1,102 @@ + + + + POLICY_DEV_CICD on ZAP + /alerttags/policy_dev_cicd/ + Recent content in POLICY_DEV_CICD on ZAP + Hugo + en-us + + + Cross Site Scripting (Reflected) + /docs/alerts/40012/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40012/ + <p>Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user&rsquo;s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user&rsquo;s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.</p> + + + External Redirect + /docs/alerts/20019-1/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-1/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. 
URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + External Redirect + /docs/alerts/20019-2/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-2/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + External Redirect + /docs/alerts/20019-3/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-3/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. 
It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + External Redirect + /docs/alerts/20019-4/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-4/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + Remote OS Command Injection + /docs/alerts/90020/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90020/ + <p>Attack technique used for unauthorized execution of operating system commands. This attack is possible when an application accepts untrusted input to build operating system commands in an insecure manner involving improper data sanitization, and/or improper calling of external programs.</p> + + + Server Side Template Injection + /docs/alerts/90035/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90035/ + <p>When the user input is inserted in the template instead of being used as argument in rendering is evaluated by the template engine. 
Depending on the template engine it can lead to remote code execution.</p> + + + SOAP Action Spoofing + /docs/alerts/90026/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90026/ + <p>An unintended SOAP operation was executed by the server.</p> + + + SOAP XML Injection + /docs/alerts/90029/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90029/ + <p>Some XML injected code has been interpreted by the server.</p> + + + SQL Injection + /docs/alerts/40018/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40018/ + <p>SQL injection may be possible.</p> + + + XML External Entity Attack + /docs/alerts/90023/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90023/ + <p>This technique takes advantage of a feature of XML to build documents dynamically at the time of processing. An XML message can either provide data explicitly or by pointing to an URI where the data exists. In the attack technique, external entities may replace the entity value with malicious data, alternate referrals or may compromise the security of the data the server/XML application has access to. Attackers may also use External Entities to have the web services server download malicious code or content to the server for use in secondary or follow on attacks.</p> + + + XPath Injection + /docs/alerts/90021/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90021/ + <p>XPath Injection is an attack technique used to exploit applications that construct XPath (XML Path Language) queries from user-supplied input to query or navigate XML documents. It can be used directly by an application to query an XML document, as part of a larger operation such as applying an XSLT transformation to an XML document, or applying an XQuery to an XML document. 
The syntax of XPath bears some resemblance to an SQL query, and indeed, it is possible to form SQL-like queries on an XML document using XPath.</p> + + + XSLT Injection + /docs/alerts/90017/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90017/ + <p>Injection using XSL transformations may be possible, and may allow an attacker to read system information, read and write files, or execute arbitrary code.</p> + + + diff --git a/alerttags/policy_dev_full/index.html b/alerttags/policy_dev_full/index.html new file mode 100644 index 0000000000..534c9eaf61 --- /dev/null +++ b/alerttags/policy_dev_full/index.html @@ -0,0 +1,435 @@ + + + + + + + + + + ZAP – POLICY_DEV_FULL + + + + + + + + + + + + + + + +
+
+ + + +
+
+ +

Alert Tag: POLICY_DEV_FULL

+ +
+
+
+ + + + + + +

POLICY_DEV_FULL

+ + All of the alerts which use this tag: + + + +
+ +
+ + + + + + +
+ + diff --git a/alerttags/policy_dev_full/index.xml b/alerttags/policy_dev_full/index.xml new file mode 100644 index 0000000000..eb0c55956d --- /dev/null +++ b/alerttags/policy_dev_full/index.xml 
@@ -0,0 +1,277 @@ + + + + POLICY_DEV_FULL on ZAP + /alerttags/policy_dev_full/ + Recent content in POLICY_DEV_FULL on ZAP + Hugo + en-us + + + CRLF Injection + /docs/alerts/40003/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40003/ + <p>Cookie can be set via CRLF injection. It may also be possible to set arbitrary HTTP response headers. In addition, by carefully crafting the injected response using cross-site script, cache poisoning vulnerability may also exist.</p> + + + Cross Site Scripting (DOM Based) + /docs/alerts/40026/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40026/ + <p>Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user&rsquo;s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user&rsquo;s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. 
Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.</p> + + + Cross Site Scripting (Persistent) + /docs/alerts/40014/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40014/ + <p>Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user&rsquo;s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user&rsquo;s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. 
Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.</p> + + + Cross Site Scripting (Persistent) - Prime + /docs/alerts/40016/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40016/ + + + + Cross Site Scripting (Persistent) - Spider + /docs/alerts/40017/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40017/ + + + + Cross Site Scripting (Reflected) + /docs/alerts/40012/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40012/ + <p>Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user&rsquo;s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user&rsquo;s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. 
Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.</p> + + + External Redirect + /docs/alerts/20019-1/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-1/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + External Redirect + /docs/alerts/20019-2/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-2/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. 
URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + External Redirect + /docs/alerts/20019-3/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-3/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + External Redirect + /docs/alerts/20019-4/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-4/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. 
URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + Insecure HTTP Method + /docs/alerts/90028/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90028/ + <p>The most common methodology for attackers is to first footprint the target&rsquo;s web presence and enumerate as much information as possible. With this information, the attacker may develop an accurate attack scenario, which will effectively exploit a vulnerability in the software type/version being utilized by the target host.</p> + + + Out of Band XSS + /docs/alerts/40031/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40031/ + <p>Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user&rsquo;s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user&rsquo;s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. 
Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.</p> + + + Parameter Tampering + /docs/alerts/40008/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40008/ + <p>Parameter manipulation caused an error page or Java stack trace to be displayed. This indicated lack of exception handling and potential areas for further exploit.</p> + + + Path Traversal + /docs/alerts/6-1/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/6-1/ + <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> + + + Path Traversal + /docs/alerts/6-2/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/6-2/ + <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> + + + Path Traversal + /docs/alerts/6-3/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/6-3/ + <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. 
Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> + + + Path Traversal + /docs/alerts/6-4/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/6-4/ + <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> + + + Path Traversal + /docs/alerts/6-5/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/6-5/ + <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> + + + Remote File Inclusion + /docs/alerts/7/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/7/ + <p>Remote File Include (RFI) is an attack technique used to exploit &ldquo;dynamic file include&rdquo; mechanisms in web applications. When web applications take user input (URL, parameter value, etc.) and pass them into file include commands, the web application might be tricked into including remote files with malicious code.</p> + + + Remote OS Command Injection + /docs/alerts/90020/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90020/ + <p>Attack technique used for unauthorized execution of operating system commands. 
This attack is possible when an application accepts untrusted input to build operating system commands in an insecure manner involving improper data sanitization, and/or improper calling of external programs.</p> + + + Server Side Code Injection - ASP Code Injection + /docs/alerts/90019-2/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90019-2/ + <p>A code injection may be possible including custom code that will be evaluated by the scripting engine.</p> + + + Server Side Code Injection - PHP Code Injection + /docs/alerts/90019-1/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90019-1/ + <p>A code injection may be possible including custom code that will be evaluated by the scripting engine.</p> + + + Server Side Include + /docs/alerts/40009/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40009/ + <p>Certain parameters may cause Server Side Include commands to be executed. This may allow database connection or arbitrary code to be executed.</p> + + + Server Side Request Forgery + /docs/alerts/40046/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40046/ + <p>The web server receives a remote address and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.</p> + + + Server Side Template Injection + /docs/alerts/90035/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90035/ + <p>When the user input is inserted in the template instead of being used as argument in rendering is evaluated by the template engine. Depending on the template engine it can lead to remote code execution.</p> + + + Server Side Template Injection (Blind) + /docs/alerts/90036/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90036/ + <p>When the user input is inserted in the template instead of being used as argument in rendering is evaluated by the template engine. 
Depending on the template engine it can lead to remote code execution.</p> + + + SOAP Action Spoofing + /docs/alerts/90026/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90026/ + <p>An unintended SOAP operation was executed by the server.</p> + + + SOAP XML Injection + /docs/alerts/90029/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90029/ + <p>Some XML injected code has been interpreted by the server.</p> + + + SQL Injection + /docs/alerts/40018/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40018/ + <p>SQL injection may be possible.</p> + + + SQL Injection - Hypersonic SQL + /docs/alerts/40020/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40020/ + <p>SQL injection may be possible.</p> + + + SQL Injection - MsSQL + /docs/alerts/40027/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40027/ + <p>SQL injection may be possible.</p> + + + SQL Injection - MySQL + /docs/alerts/40019/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40019/ + <p>SQL injection may be possible.</p> + + + SQL Injection - Oracle + /docs/alerts/40021/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40021/ + <p>SQL injection may be possible.</p> + + + SQL Injection - PostgreSQL + /docs/alerts/40022/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40022/ + <p>SQL injection may be possible.</p> + + + Text4shell (CVE-2022-42889) + /docs/alerts/40047/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40047/ + <p>Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults.Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded.The application has been shown to initial contact with remote servers via variable interpolation and may well be vulnerable to Remote Code Execution (RCE).</p> + + + XML External Entity Attack + /docs/alerts/90023/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90023/ + <p>This technique takes advantage of a feature of XML to build documents 
dynamically at the time of processing. An XML message can either provide data explicitly or by pointing to an URI where the data exists. In the attack technique, external entities may replace the entity value with malicious data, alternate referrals or may compromise the security of the data the server/XML application has access to. Attackers may also use External Entities to have the web services server download malicious code or content to the server for use in secondary or follow on attacks.</p> + + + XPath Injection + /docs/alerts/90021/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90021/ + <p>XPath Injection is an attack technique used to exploit applications that construct XPath (XML Path Language) queries from user-supplied input to query or navigate XML documents. It can be used directly by an application to query an XML document, as part of a larger operation such as applying an XSLT transformation to an XML document, or applying an XQuery to an XML document. The syntax of XPath bears some resemblance to an SQL query, and indeed, it is possible to form SQL-like queries on an XML document using XPath.</p> + + + XSLT Injection + /docs/alerts/90017/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90017/ + <p>Injection using XSL transformations may be possible, and may allow an attacker to read system information, read and write files, or execute arbitrary code.</p> + + + diff --git a/alerttags/policy_dev_std/index.html b/alerttags/policy_dev_std/index.html new file mode 100644 index 0000000000..6b812dae24 --- /dev/null +++ b/alerttags/policy_dev_std/index.html @@ -0,0 +1,327 @@ + + + + + + + + + + ZAP – POLICY_DEV_STD + + + + + + + + + + + + + + + +
+
+ + + +
+
+ +

Alert Tag: POLICY_DEV_STD

+ +
+
+
+ + + + + + +

POLICY_DEV_STD

+ + All of the alerts which use this tag: + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TagLink
Cross Site Scripting (Reflected)
External Redirect
External Redirect
External Redirect
External Redirect
Path Traversal
Path Traversal
Path Traversal
Path Traversal
Path Traversal
Remote File Inclusion
Remote OS Command Injection
Server Side Include
Server Side Template Injection
SOAP Action Spoofing
SOAP XML Injection
SQL Injection
XML External Entity Attack
XPath Injection
XSLT Injection
+
+
+ +
+ + + + + + +
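Review bot: in the alert table of alerttags/policy_dev_std/index.html the row text "External Redirect" appears four times and "Path Traversal" five times, with nothing in the visible text to tell the rows apart. The matching feed items in this patch differ only by link (/docs/alerts/20019-1/ to /docs/alerts/20019-4/ and /docs/alerts/6-1/ to /docs/alerts/6-5/), so consider carrying that alert reference in the row text so a reader can see which variant each row points to before following it.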
+ + diff --git a/alerttags/policy_dev_std/index.xml b/alerttags/policy_dev_std/index.xml new file mode 100644 index 0000000000..e4d2c3af10 --- /dev/null +++ b/alerttags/policy_dev_std/index.xml 
@@ -0,0 +1,151 @@ + + + + POLICY_DEV_STD on ZAP + /alerttags/policy_dev_std/ + Recent content in POLICY_DEV_STD on ZAP + Hugo + en-us + + + Cross Site Scripting (Reflected) + /docs/alerts/40012/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40012/ + <p>Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user&rsquo;s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user&rsquo;s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.</p> + + + External Redirect + /docs/alerts/20019-1/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-1/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. 
URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + External Redirect + /docs/alerts/20019-2/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-2/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + External Redirect + /docs/alerts/20019-3/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-3/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. 
It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + External Redirect + /docs/alerts/20019-4/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-4/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + Path Traversal + /docs/alerts/6-1/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/6-1/ + <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. 
Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> + + + Path Traversal + /docs/alerts/6-2/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/6-2/ + <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> + + + Path Traversal + /docs/alerts/6-3/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/6-3/ + <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> + + + Path Traversal + /docs/alerts/6-4/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/6-4/ + <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> + + + Path Traversal + /docs/alerts/6-5/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/6-5/ + <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. 
An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> + + + Remote File Inclusion + /docs/alerts/7/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/7/ + <p>Remote File Include (RFI) is an attack technique used to exploit &ldquo;dynamic file include&rdquo; mechanisms in web applications. When web applications take user input (URL, parameter value, etc.) and pass them into file include commands, the web application might be tricked into including remote files with malicious code.</p> + + + Remote OS Command Injection + /docs/alerts/90020/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90020/ + <p>Attack technique used for unauthorized execution of operating system commands. This attack is possible when an application accepts untrusted input to build operating system commands in an insecure manner involving improper data sanitization, and/or improper calling of external programs.</p> + + + Server Side Include + /docs/alerts/40009/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40009/ + <p>Certain parameters may cause Server Side Include commands to be executed. This may allow database connection or arbitrary code to be executed.</p> + + + Server Side Template Injection + /docs/alerts/90035/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90035/ + <p>When the user input is inserted in the template instead of being used as argument in rendering is evaluated by the template engine. 
Depending on the template engine it can lead to remote code execution.</p> + + + SOAP Action Spoofing + /docs/alerts/90026/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90026/ + <p>An unintended SOAP operation was executed by the server.</p> + + + SOAP XML Injection + /docs/alerts/90029/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90029/ + <p>Some XML injected code has been interpreted by the server.</p> + + + SQL Injection + /docs/alerts/40018/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40018/ + <p>SQL injection may be possible.</p> + + + XML External Entity Attack + /docs/alerts/90023/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90023/ + <p>This technique takes advantage of a feature of XML to build documents dynamically at the time of processing. An XML message can either provide data explicitly or by pointing to an URI where the data exists. In the attack technique, external entities may replace the entity value with malicious data, alternate referrals or may compromise the security of the data the server/XML application has access to. Attackers may also use External Entities to have the web services server download malicious code or content to the server for use in secondary or follow on attacks.</p> + + + XPath Injection + /docs/alerts/90021/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90021/ + <p>XPath Injection is an attack technique used to exploit applications that construct XPath (XML Path Language) queries from user-supplied input to query or navigate XML documents. It can be used directly by an application to query an XML document, as part of a larger operation such as applying an XSLT transformation to an XML document, or applying an XQuery to an XML document. 
The syntax of XPath bears some resemblance to an SQL query, and indeed, it is possible to form SQL-like queries on an XML document using XPath.</p> + + + XSLT Injection + /docs/alerts/90017/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90017/ + <p>Injection using XSL transformations may be possible, and may allow an attacker to read system information, read and write files, or execute arbitrary code.</p> + + + diff --git a/alerttags/policy_qa_full/index.html b/alerttags/policy_qa_full/index.html new file mode 100644 index 0000000000..a3847189fd --- /dev/null +++ b/alerttags/policy_qa_full/index.html @@ -0,0 +1,663 @@ + + + + + + + + + + ZAP – POLICY_QA_FULL + + + + + + + + + + + + + + + +
+
+ + + +
+
+ +

Alert Tag: POLICY_QA_FULL

+ +
+
+
+ + + + + + +

POLICY_QA_FULL

+ + All of the alerts which use this tag: + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TagLink
.env Information Leak
.htaccess Information Leak
Anti-CSRF Tokens Check
Backup File Disclosure
Bypassing 403
Cloud Metadata Potentially Exposed
CORS Header
CORS Misconfiguration
CORS Misconfiguration
CRLF Injection
Cross Site Scripting (DOM Based)
Cross Site Scripting (Persistent)
Cross Site Scripting (Persistent) - Prime
Cross Site Scripting (Persistent) - Spider
Cross Site Scripting (Reflected)
Cross-Domain Misconfiguration - Adobe - Read
Cross-Domain Misconfiguration - Adobe - Send
Cross-Domain Misconfiguration - Silverlight
Directory Browsing
ELMAH Information Leak
Exponential Entity Expansion (Billion Laughs Attack)
Expression Language Injection
External Redirect
External Redirect
External Redirect
External Redirect
Format String Error
Generic Padding Oracle
GET for POST
Heartbleed OpenSSL Vulnerability
Hidden File Found
HTTP Only Site
Httpoxy - Proxy Header Misuse
HTTPS Content Available via HTTP
Insecure HTTP Method
Log4Shell (CVE-2021-44228)
Log4Shell (CVE-2021-45046)
Out of Band XSS
Parameter Tampering
Path Traversal
Path Traversal
Path Traversal
Path Traversal
Path Traversal
Properties File Disclosure - /WEB-INF folder
Relative Path Confusion
Remote Code Execution - CVE-2012-1823
Remote File Inclusion
Remote OS Command Injection
Server Side Code Injection - ASP Code Injection
Server Side Code Injection - PHP Code Injection
Server Side Include
Server Side Request Forgery
Server Side Template Injection
Server Side Template Injection (Blind)
SOAP Action Spoofing
SOAP XML Injection
Source Code Disclosure - /WEB-INF Folder
Source Code Disclosure - CVE-2012-1823
Source Code Disclosure - File Inclusion
Source Code Disclosure - Git
Source Code Disclosure - SVN
Spring Actuator Information Leak
Spring4Shell
SQL Injection
SQL Injection - Hypersonic SQL
SQL Injection - MsSQL
SQL Injection - MySQL
SQL Injection - Oracle
SQL Injection - PostgreSQL
SQL Injection - SQLite
Text4shell (CVE-2022-42889)
Trace.axd Information Leak
XML External Entity Attack
XPath Injection
XSLT Injection
+
+
+ +
+ + + + + + +
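Review bot: the alert names in the alerttags/policy_qa_full/index.html table are capitalised inconsistently: "Properties File Disclosure - /WEB-INF folder" against "Source Code Disclosure - /WEB-INF Folder", and "Text4shell (CVE-2022-42889)" against "Log4Shell" and "Spring4Shell". The feeds in this patch name Hugo as the generator, so this output looks generated; the names are better normalised in the alert source data than in this file, otherwise the next regeneration restores the mismatch.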
+ + diff --git a/alerttags/policy_qa_full/index.xml b/alerttags/policy_qa_full/index.xml new file mode 100644 index 0000000000..fc3daccdea --- /dev/null +++ b/alerttags/policy_qa_full/index.xml 
@@ -0,0 +1,543 @@ + + + + POLICY_QA_FULL on ZAP + /alerttags/policy_qa_full/ + Recent content in POLICY_QA_FULL on ZAP + Hugo + en-us + + + .env Information Leak + /docs/alerts/40034/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40034/ + <p>One or more .env files seems to have been located on the server. These files often expose infrastructure or administrative account credentials, API or APP keys, or other sensitive configuration information.</p> + + + .htaccess Information Leak + /docs/alerts/40032/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40032/ + <p>htaccess files can be used to alter the configuration of the Apache Web Server software to enable/disable additional functionality and features that the Apache Web Server software has to offer.</p> + + + Anti-CSRF Tokens Check + /docs/alerts/20012/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20012/ + <p>A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. 
Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.</p> + + + Backup File Disclosure + /docs/alerts/10095/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/10095/ + <p>A backup of the file was disclosed by the web server.</p> + + + Bypassing 403 + /docs/alerts/40038/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40038/ + <p>Bypassing 403 endpoints may be possible, the scan rule sent a payload that caused the response to be accessible (status code 200).</p> + + + Cloud Metadata Potentially Exposed + /docs/alerts/90034/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90034/ + <p>The Cloud Metadata Attack attempts to abuse a misconfigured NGINX server in order to access the instance metadata maintained by cloud service providers such as AWS, GCP and Azure. All of these providers provide metadata via an internal unroutable IP address &lsquo;169.254.169.254&rsquo; - this can be exposed by incorrectly configured NGINX servers and accessed by using this IP address in the Host header field.</p> + + + CORS Header + /docs/alerts/40040-1/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40040-1/ + <p>Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any other origins (domain, scheme, or port) than its own from which a browser should permit loading of resources. It relaxes the Same-Origin Policy (SOP).</p> + + + CORS Misconfiguration + /docs/alerts/40040-2/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40040-2/ + <p>This CORS misconfiguration could allow an attacker to perform AJAX queries to the vulnerable website from a malicious page loaded by the victim&rsquo;s user agent. In order to perform authenticated AJAX queries, the server must specify the header &ldquo;Access-Control-Allow-Credentials: true&rdquo; and the &ldquo;Access-Control-Allow-Origin&rdquo; header must be set to null or the malicious page&rsquo;s domain. 
Even if this misconfiguration doesn&rsquo;t allow authenticated AJAX requests, unauthenticated sensitive content can still be accessed (e.g intranet websites). A malicious page can belong to a malicious website but also a trusted website with flaws (e.g XSS, support of HTTP without TLS allowing code injection through MITM, etc).</p> + + + CORS Misconfiguration + /docs/alerts/40040-3/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40040-3/ + <p>This CORS misconfiguration could allow an attacker to perform AJAX queries to the vulnerable website from a malicious page loaded by the victim&rsquo;s user agent. In order to perform authenticated AJAX queries, the server must specify the header &ldquo;Access-Control-Allow-Credentials: true&rdquo; and the &ldquo;Access-Control-Allow-Origin&rdquo; header must be set to null or the malicious page&rsquo;s domain. Even if this misconfiguration doesn&rsquo;t allow authenticated AJAX requests, unauthenticated sensitive content can still be accessed (e.g intranet websites). A malicious page can belong to a malicious website but also a trusted website with flaws (e.g XSS, support of HTTP without TLS allowing code injection through MITM, etc).</p> + + + CRLF Injection + /docs/alerts/40003/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40003/ + <p>Cookie can be set via CRLF injection. It may also be possible to set arbitrary HTTP response headers. In addition, by carefully crafting the injected response using cross-site script, cache poisoning vulnerability may also exist.</p> + + + Cross Site Scripting (DOM Based) + /docs/alerts/40026/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40026/ + <p>Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user&rsquo;s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. 
The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user&rsquo;s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.</p> + + + Cross Site Scripting (Persistent) + /docs/alerts/40014/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40014/ + <p>Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user&rsquo;s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user&rsquo;s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. 
Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.</p> + + + Cross Site Scripting (Persistent) - Prime + /docs/alerts/40016/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40016/ + + + + Cross Site Scripting (Persistent) - Spider + /docs/alerts/40017/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40017/ + + + + Cross Site Scripting (Reflected) + /docs/alerts/40012/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40012/ + <p>Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user&rsquo;s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user&rsquo;s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. 
Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.</p> + + + Cross-Domain Misconfiguration - Adobe - Read + /docs/alerts/20016-1/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20016-1/ + <p>Flash/Silverlight based cross-site request forgery may be possible, due to a misconfiguration on the web server.</p> + + + Cross-Domain Misconfiguration - Adobe - Send + /docs/alerts/20016-2/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20016-2/ + <p>Flash/Silverlight based cross-site request forgery may be possible, due to a misconfiguration on the web server.</p> + + + Cross-Domain Misconfiguration - Silverlight + /docs/alerts/20016-3/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20016-3/ + <p>Silverlight based cross-site request forgery may be possible, due to a misconfiguration on the web server.</p> + + + Directory Browsing + /docs/alerts/0/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/0/ + <p>It is possible to view the directory listing. Directory listing may reveal hidden scripts, include files, backup source files, etc. which can be accessed to read sensitive information.</p> + + + ELMAH Information Leak + /docs/alerts/40028/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40028/ + <p>The Error Logging Modules and Handlers (ELMAH [elmah.axd]) HTTP Module was found to be available. This module can leak a significant amount of valuable information.</p> + + + Exponential Entity Expansion (Billion Laughs Attack) + /docs/alerts/40044/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40044/ + <p>An exponential entity expansion, or &ldquo;billion laughs&rdquo; attack is a type of denial-of-service (DoS) attack. 
It is aimed at parsers of markup languages like XML or YAML that allow macro expansions.</p> + + + Expression Language Injection + /docs/alerts/90025/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90025/ + <p>The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed. In certain versions of Spring 3.0.5 and earlier, there was a vulnerability (CVE-2011-2730) in which Expression Language tags would be evaluated twice, which effectively exposed any application to EL injection. However, even for later versions, this weakness is still possible depending on configuration.</p> + + + External Redirect + /docs/alerts/20019-1/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-1/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + External Redirect + /docs/alerts/20019-2/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-2/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. 
This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + External Redirect + /docs/alerts/20019-3/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-3/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + External Redirect + /docs/alerts/20019-4/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-4/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. 
This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + Format String Error + /docs/alerts/30002/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/30002/ + <p>A Format String error occurs when the submitted data of an input string is evaluated as a command by the application.</p> + + + Generic Padding Oracle + /docs/alerts/90024/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90024/ + <p>By manipulating the padding on an encrypted string, an attacker is able to generate an error message that indicates a likely &lsquo;padding oracle&rsquo; vulnerability. Such a vulnerability can affect any application or framework that uses encryption improperly, such as some versions of ASP.net, Java Server Faces, and Mono. An attacker may exploit this issue to decrypt data and recover encryption keys, potentially viewing and modifying confidential data. This rule should detect the MS10-070 padding oracle vulnerability in ASP.net if CustomErrors are enabled for that.</p> + + + GET for POST + /docs/alerts/10058/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/10058/ + <p>A request that was originally observed as a POST was also accepted as a GET. This issue does not represent a security weakness unto itself, however, it may facilitate simplification of other attacks. 
For example if the original POST is subject to Cross-Site Scripting (XSS), then this finding may indicate that a simplified (GET based) XSS may also be possible.</p> + + + Heartbleed OpenSSL Vulnerability + /docs/alerts/20015/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20015/ + <p>The TLS implementation in OpenSSL 1.0.1 before 1.0.1g does not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, potentially disclosing sensitive information.</p> + + + Hidden File Found + /docs/alerts/40035/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40035/ + <p>A sensitive file was identified as accessible or available. This may leak administrative, configuration, or credential information which can be leveraged by a malicious individual to further attack the system or conduct social engineering efforts.</p> + + + HTTP Only Site + /docs/alerts/10106/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/10106/ + <p>The site is only served under HTTP and not HTTPS.</p> + + + Httpoxy - Proxy Header Misuse + /docs/alerts/10107/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/10107/ + <p>The server initiated a proxied request via the proxy specified in the HTTP Proxy header of the request.Httpoxy typically affects code running in CGI or CGI like environments. 
This may allow attackers to:</p> <ul> <li>Proxy the outgoing HTTP requests made by the web application</li> <li>Direct the server to open outgoing connections to an address and port of their choosing or</li> <li>Tie up server resources by forcing the vulnerable software to use a malicious proxy.</li> </ul> + + + HTTPS Content Available via HTTP + /docs/alerts/10047/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/10047/ + <p>Content which was initially accessed via HTTPS (i.e.: using SSL/TLS encryption) is also accessible via HTTP (without encryption).</p> + + + Insecure HTTP Method + /docs/alerts/90028/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90028/ + <p>The most common methodology for attackers is to first footprint the target&rsquo;s web presence and enumerate as much information as possible. With this information, the attacker may develop an accurate attack scenario, which will effectively exploit a vulnerability in the software type/version being utilized by the target host.</p> + + + Log4Shell (CVE-2021-44228) + /docs/alerts/40043-1/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40043-1/ + <p>Apache Log4j2 &lt;=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default.</p> + + + Log4Shell (CVE-2021-45046) + /docs/alerts/40043-2/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40043-2/ + <p>It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. 
This could allow attackers to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments.</p> + + + Out of Band XSS + /docs/alerts/40031/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40031/ + <p>Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user&rsquo;s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user&rsquo;s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.</p> + + + Parameter Tampering + /docs/alerts/40008/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40008/ + <p>Parameter manipulation caused an error page or Java stack trace to be displayed. 
This indicated lack of exception handling and potential areas for further exploit.</p> + + + Path Traversal + /docs/alerts/6-1/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/6-1/ + <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> + + + Path Traversal + /docs/alerts/6-2/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/6-2/ + <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> + + + Path Traversal + /docs/alerts/6-3/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/6-3/ + <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> + + + Path Traversal + /docs/alerts/6-4/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/6-4/ + <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. 
An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> + + + Path Traversal + /docs/alerts/6-5/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/6-5/ + <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> + + + Properties File Disclosure - /WEB-INF folder + /docs/alerts/10045-2/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/10045-2/ + <p>A Java class in the /WEB-INF folder disclosed the presence of the properties file. Properties file are not intended to be publicly accessible, and typically contain configuration information, application credentials, or cryptographic keys.</p> + + + Relative Path Confusion + /docs/alerts/10051/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/10051/ + <p>The web server is configured to serve responses to ambiguous URLs in a manner that is likely to lead to confusion about the correct &ldquo;relative path&rdquo; for the URL. Resources (CSS, images, etc.) are also specified in the page response using relative, rather than absolute URLs. 
In an attack, if the web browser parses the &ldquo;cross-content&rdquo; response in a permissive manner, or can be tricked into permissively parsing the &ldquo;cross-content&rdquo; response, using techniques such as framing, then the web browser may be fooled into interpreting HTML as CSS (or other content types), leading to an XSS vulnerability.</p> + + + Remote Code Execution - CVE-2012-1823 + /docs/alerts/20018/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20018/ + <p>Some PHP versions, when configured to run using CGI, do not correctly handle query strings that lack an unescaped &ldquo;=&rdquo; character, enabling arbitrary code execution. In this case, an operating system command was caused to be executed on the web server, and the results were returned to the web browser.</p> + + + Remote File Inclusion + /docs/alerts/7/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/7/ + <p>Remote File Include (RFI) is an attack technique used to exploit &ldquo;dynamic file include&rdquo; mechanisms in web applications. When web applications take user input (URL, parameter value, etc.) and pass them into file include commands, the web application might be tricked into including remote files with malicious code.</p> + + + Remote OS Command Injection + /docs/alerts/90020/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90020/ + <p>Attack technique used for unauthorized execution of operating system commands. 
This attack is possible when an application accepts untrusted input to build operating system commands in an insecure manner involving improper data sanitization, and/or improper calling of external programs.</p> + + + Server Side Code Injection - ASP Code Injection + /docs/alerts/90019-2/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90019-2/ + <p>A code injection may be possible including custom code that will be evaluated by the scripting engine.</p> + + + Server Side Code Injection - PHP Code Injection + /docs/alerts/90019-1/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90019-1/ + <p>A code injection may be possible including custom code that will be evaluated by the scripting engine.</p> + + + Server Side Include + /docs/alerts/40009/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40009/ + <p>Certain parameters may cause Server Side Include commands to be executed. This may allow database connection or arbitrary code to be executed.</p> + + + Server Side Request Forgery + /docs/alerts/40046/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40046/ + <p>The web server receives a remote address and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.</p> + + + Server Side Template Injection + /docs/alerts/90035/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90035/ + <p>When the user input is inserted in the template instead of being used as argument in rendering is evaluated by the template engine. Depending on the template engine it can lead to remote code execution.</p> + + + Server Side Template Injection (Blind) + /docs/alerts/90036/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90036/ + <p>When the user input is inserted in the template instead of being used as argument in rendering is evaluated by the template engine. 
Depending on the template engine it can lead to remote code execution.</p> + + + SOAP Action Spoofing + /docs/alerts/90026/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90026/ + <p>An unintended SOAP operation was executed by the server.</p> + + + SOAP XML Injection + /docs/alerts/90029/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90029/ + <p>Some XML injected code has been interpreted by the server.</p> + + + Source Code Disclosure - /WEB-INF Folder + /docs/alerts/10045-1/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/10045-1/ + <p>Java source code was disclosed by the web server in Java class files in the WEB-INF folder. The class files can be dis-assembled to produce source code which very closely matches the original source code.</p> + + + Source Code Disclosure - CVE-2012-1823 + /docs/alerts/20017/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20017/ + <p>Some PHP versions, when configured to run using CGI, do not correctly handle query strings that lack an unescaped &ldquo;=&rdquo; character, enabling PHP source code disclosure, and arbitrary code execution. In this case, the contents of the PHP file were served directly to the web browser. This output will typically contain PHP, although it may also contain straight HTML.</p> + + + Source Code Disclosure - File Inclusion + /docs/alerts/43/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/43/ + <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. 
Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> + + + Source Code Disclosure - Git + /docs/alerts/41/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/41/ + <p>The source code for the current page was disclosed by the web server.</p> + + + Source Code Disclosure - SVN + /docs/alerts/42/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/42/ + <p>The source code for the current page was disclosed by the web server.</p> + + + Spring Actuator Information Leak + /docs/alerts/40042/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40042/ + <p>Spring Actuator for Health is enabled and may reveal sensitive information about this application. Spring Actuators can be used for real monitoring purposes, but should be used with caution as to not expose too much information about the application or the infrastructure running it.</p> + + + Spring4Shell + /docs/alerts/40045/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40045/ + <p>The application appears to be vulnerable to CVE-2022-22965 (otherwise known as Spring4Shell) - remote code execution (RCE) via data binding.</p> + + + SQL Injection + /docs/alerts/40018/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40018/ + <p>SQL injection may be possible.</p> + + + SQL Injection - Hypersonic SQL + /docs/alerts/40020/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40020/ + <p>SQL injection may be possible.</p> + + + SQL Injection - MsSQL + /docs/alerts/40027/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40027/ + <p>SQL injection may be possible.</p> + + + SQL Injection - MySQL + /docs/alerts/40019/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40019/ + <p>SQL injection may be possible.</p> + + + SQL Injection - Oracle + /docs/alerts/40021/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40021/ + <p>SQL injection may be possible.</p> + + + SQL Injection - PostgreSQL + /docs/alerts/40022/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40022/ + <p>SQL injection may be 
possible.</p> + + + SQL Injection - SQLite + /docs/alerts/40024/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40024/ + <p>SQL injection may be possible.</p> + + + Text4shell (CVE-2022-42889) + /docs/alerts/40047/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40047/ + <p>Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults.Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded.The application has been shown to initial contact with remote servers via variable interpolation and may well be vulnerable to Remote Code Execution (RCE).</p> + + + Trace.axd Information Leak + /docs/alerts/40029/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40029/ + <p>The ASP.NET Trace Viewer (trace.axd) was found to be available. This component can leak a significant amount of valuable information.</p> + + + XML External Entity Attack + /docs/alerts/90023/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90023/ + <p>This technique takes advantage of a feature of XML to build documents dynamically at the time of processing. An XML message can either provide data explicitly or by pointing to an URI where the data exists. In the attack technique, external entities may replace the entity value with malicious data, alternate referrals or may compromise the security of the data the server/XML application has access to. Attackers may also use External Entities to have the web services server download malicious code or content to the server for use in secondary or follow on attacks.</p> + + + XPath Injection + /docs/alerts/90021/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90021/ + <p>XPath Injection is an attack technique used to exploit applications that construct XPath (XML Path Language) queries from user-supplied input to query or navigate XML documents. 
It can be used directly by an application to query an XML document, as part of a larger operation such as applying an XSLT transformation to an XML document, or applying an XQuery to an XML document. The syntax of XPath bears some resemblance to an SQL query, and indeed, it is possible to form SQL-like queries on an XML document using XPath.</p> + + + XSLT Injection + /docs/alerts/90017/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90017/ + <p>Injection using XSL transformations may be possible, and may allow an attacker to read system information, read and write files, or execute arbitrary code.</p> + + + diff --git a/alerttags/policy_qa_std/index.html b/alerttags/policy_qa_std/index.html new file mode 100644 index 0000000000..308a7fc7fe --- /dev/null +++ b/alerttags/policy_qa_std/index.html @@ -0,0 +1,441 @@ + + + + + + + + + + ZAP – POLICY_QA_STD + + + + + + + + + + + + + + + +
+
+ + + +
+
+ +

Alert Tag: POLICY_QA_STD

+ +
+
+
+ + + + + + +

POLICY_QA_STD

+ + All of the alerts which use this tag: + + + +
+ +
+ + + + + + +
+ + diff --git a/alerttags/policy_qa_std/index.xml b/alerttags/policy_qa_std/index.xml new file mode 100644 index 0000000000..b383fe556f --- /dev/null +++ b/alerttags/policy_qa_std/index.xml 
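Review bot: In the new alerttags/policy_qa_full/index.xml, the items for /docs/alerts/40016/ ("Cross Site Scripting (Persistent) - Prime") and /docs/alerts/40017/ ("Cross Site Scripting (Persistent) - Spider") are added with no description at all, while every other item in the feed carries a summary paragraph, so a feed reader gets only a title and a link for those two rules. The feed names Hugo as its generator, so the fix belongs in the alert pages it is built from: give those two alerts a short summary and regenerate. The same applies to a few text defects that are now copied into this file: "of the request.Httpoxy typically affects" (missing space, 10107), "has been shown to initial contact with remote servers" and the run-together "defaults.Apache" / "expanded.The" (40047), and "Properties file are not intended" (10045-2). Every item also has the zero date "Mon, 01 Jan 0001 00:00:00 +0000" as its publication date, which gives consumers no ordering. Either set a real date on the alert pages or leave the date out of the feed for this section. Lastly, 40040-2 and 40040-3, 20019-1 to 20019-4, and 6-1 to 6-5 share identical titles and descriptions and differ only by link, and the External Redirect text refers to "the example below", which the feed does not include. A distinguishing suffix in each title would make the entries tell apart.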
@@ -0,0 +1,284 @@ + + + + POLICY_QA_STD on ZAP + /alerttags/policy_qa_std/ + Recent content in POLICY_QA_STD on ZAP + Hugo + en-us + + + Anti-CSRF Tokens Check + /docs/alerts/20012/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20012/ + <p>A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.</p> + + + CORS Header + /docs/alerts/40040-1/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40040-1/ + <p>Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any other origins (domain, scheme, or port) than its own from which a browser should permit loading of resources. It relaxes the Same-Origin Policy (SOP).</p> + + + CORS Misconfiguration + /docs/alerts/40040-2/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40040-2/ + <p>This CORS misconfiguration could allow an attacker to perform AJAX queries to the vulnerable website from a malicious page loaded by the victim&rsquo;s user agent. In order to perform authenticated AJAX queries, the server must specify the header &ldquo;Access-Control-Allow-Credentials: true&rdquo; and the &ldquo;Access-Control-Allow-Origin&rdquo; header must be set to null or the malicious page&rsquo;s domain. Even if this misconfiguration doesn&rsquo;t allow authenticated AJAX requests, unauthenticated sensitive content can still be accessed (e.g intranet websites). 
A malicious page can belong to a malicious website but also a trusted website with flaws (e.g XSS, support of HTTP without TLS allowing code injection through MITM, etc).</p> + + + CORS Misconfiguration + /docs/alerts/40040-3/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40040-3/ + <p>This CORS misconfiguration could allow an attacker to perform AJAX queries to the vulnerable website from a malicious page loaded by the victim&rsquo;s user agent. In order to perform authenticated AJAX queries, the server must specify the header &ldquo;Access-Control-Allow-Credentials: true&rdquo; and the &ldquo;Access-Control-Allow-Origin&rdquo; header must be set to null or the malicious page&rsquo;s domain. Even if this misconfiguration doesn&rsquo;t allow authenticated AJAX requests, unauthenticated sensitive content can still be accessed (e.g intranet websites). A malicious page can belong to a malicious website but also a trusted website with flaws (e.g XSS, support of HTTP without TLS allowing code injection through MITM, etc).</p> + + + Cross Site Scripting (DOM Based) + /docs/alerts/40026/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40026/ + <p>Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user&rsquo;s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user&rsquo;s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. 
A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.</p> + + + Cross Site Scripting (Persistent) + /docs/alerts/40014/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40014/ + <p>Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user&rsquo;s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user&rsquo;s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. 
Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.</p> + + + Cross Site Scripting (Persistent) - Prime + /docs/alerts/40016/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40016/ + + + + Cross Site Scripting (Persistent) - Spider + /docs/alerts/40017/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40017/ + + + + Cross Site Scripting (Reflected) + /docs/alerts/40012/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40012/ + <p>Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user&rsquo;s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user&rsquo;s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.</p> + + + Directory Browsing + /docs/alerts/0/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/0/ + <p>It is possible to view the directory listing. 
Directory listing may reveal hidden scripts, include files, backup source files, etc. which can be accessed to read sensitive information.</p> + + + Exponential Entity Expansion (Billion Laughs Attack) + /docs/alerts/40044/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40044/ + <p>An exponential entity expansion, or &ldquo;billion laughs&rdquo; attack is a type of denial-of-service (DoS) attack. It is aimed at parsers of markup languages like XML or YAML that allow macro expansions.</p> + + + Expression Language Injection + /docs/alerts/90025/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90025/ + <p>The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed. In certain versions of Spring 3.0.5 and earlier, there was a vulnerability (CVE-2011-2730) in which Expression Language tags would be evaluated twice, which effectively exposed any application to EL injection. However, even for later versions, this weakness is still possible depending on configuration.</p> + + + External Redirect + /docs/alerts/20019-1/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-1/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. 
URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + External Redirect + /docs/alerts/20019-2/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-2/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + External Redirect + /docs/alerts/20019-3/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-3/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. 
URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + External Redirect + /docs/alerts/20019-4/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-4/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + GET for POST + /docs/alerts/10058/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/10058/ + <p>A request that was originally observed as a POST was also accepted as a GET. This issue does not represent a security weakness unto itself, however, it may facilitate simplification of other attacks. For example if the original POST is subject to Cross-Site Scripting (XSS), then this finding may indicate that a simplified (GET based) XSS may also be possible.</p> + + + Path Traversal + /docs/alerts/6-1/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/6-1/ + <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. 
An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> + + + Path Traversal + /docs/alerts/6-2/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/6-2/ + <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> + + + Path Traversal + /docs/alerts/6-3/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/6-3/ + <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> + + + Path Traversal + /docs/alerts/6-4/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/6-4/ + <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. 
Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> + + + Path Traversal + /docs/alerts/6-5/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/6-5/ + <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> + + + Remote File Inclusion + /docs/alerts/7/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/7/ + <p>Remote File Include (RFI) is an attack technique used to exploit &ldquo;dynamic file include&rdquo; mechanisms in web applications. When web applications take user input (URL, parameter value, etc.) and pass them into file include commands, the web application might be tricked into including remote files with malicious code.</p> + + + Remote OS Command Injection + /docs/alerts/90020/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90020/ + <p>Attack technique used for unauthorized execution of operating system commands. 
This attack is possible when an application accepts untrusted input to build operating system commands in an insecure manner involving improper data sanitization, and/or improper calling of external programs.</p> + + + Server Side Code Injection - ASP Code Injection + /docs/alerts/90019-2/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90019-2/ + <p>A code injection may be possible including custom code that will be evaluated by the scripting engine.</p> + + + Server Side Code Injection - PHP Code Injection + /docs/alerts/90019-1/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90019-1/ + <p>A code injection may be possible including custom code that will be evaluated by the scripting engine.</p> + + + Server Side Include + /docs/alerts/40009/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40009/ + <p>Certain parameters may cause Server Side Include commands to be executed. This may allow database connection or arbitrary code to be executed.</p> + + + Server Side Template Injection + /docs/alerts/90035/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90035/ + <p>When the user input is inserted in the template instead of being used as argument in rendering is evaluated by the template engine. 
Depending on the template engine it can lead to remote code execution.</p> + + + SOAP Action Spoofing + /docs/alerts/90026/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90026/ + <p>An unintended SOAP operation was executed by the server.</p> + + + SOAP XML Injection + /docs/alerts/90029/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90029/ + <p>Some XML injected code has been interpreted by the server.</p> + + + SQL Injection + /docs/alerts/40018/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40018/ + <p>SQL injection may be possible.</p> + + + SQL Injection - Hypersonic SQL + /docs/alerts/40020/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40020/ + <p>SQL injection may be possible.</p> + + + SQL Injection - MsSQL + /docs/alerts/40027/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40027/ + <p>SQL injection may be possible.</p> + + + SQL Injection - MySQL + /docs/alerts/40019/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40019/ + <p>SQL injection may be possible.</p> + + + SQL Injection - Oracle + /docs/alerts/40021/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40021/ + <p>SQL injection may be possible.</p> + + + SQL Injection - PostgreSQL + /docs/alerts/40022/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40022/ + <p>SQL injection may be possible.</p> + + + XML External Entity Attack + /docs/alerts/90023/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90023/ + <p>This technique takes advantage of a feature of XML to build documents dynamically at the time of processing. An XML message can either provide data explicitly or by pointing to an URI where the data exists. In the attack technique, external entities may replace the entity value with malicious data, alternate referrals or may compromise the security of the data the server/XML application has access to. 
Attackers may also use External Entities to have the web services server download malicious code or content to the server for use in secondary or follow on attacks.</p> + + + XPath Injection + /docs/alerts/90021/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90021/ + <p>XPath Injection is an attack technique used to exploit applications that construct XPath (XML Path Language) queries from user-supplied input to query or navigate XML documents. It can be used directly by an application to query an XML document, as part of a larger operation such as applying an XSLT transformation to an XML document, or applying an XQuery to an XML document. The syntax of XPath bears some resemblance to an SQL query, and indeed, it is possible to form SQL-like queries on an XML document using XPath.</p> + + + XSLT Injection + /docs/alerts/90017/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90017/ + <p>Injection using XSL transformations may be possible, and may allow an attacker to read system information, read and write files, or execute arbitrary code.</p> + + + diff --git a/alerttags/policy_sequence/index.html b/alerttags/policy_sequence/index.html new file mode 100644 index 0000000000..c8f6e7fa8f --- /dev/null +++ b/alerttags/policy_sequence/index.html @@ -0,0 +1,399 @@ + + + + + + + + + + ZAP – POLICY_SEQUENCE + + + + + + + + + + + + + + + +
+
+ + + +
+
+ +

Alert Tag: POLICY_SEQUENCE

+ +
+
+
+ + + + + + +

POLICY_SEQUENCE

+ + All of the alerts which use this tag: + + + +
+ +
+ + + + + + +
+ + diff --git a/alerttags/policy_sequence/index.xml b/alerttags/policy_sequence/index.xml new file mode 100644 index 0000000000..9d20e73d92 --- /dev/null +++ b/alerttags/policy_sequence/index.xml 
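Review bot: In alerttags/policy_qa_std/index.xml the new feed gives several different alerts the same title, so a feed reader cannot tell them apart: "CORS Misconfiguration" for /docs/alerts/40040-2/ and /docs/alerts/40040-3/, "External Redirect" for 20019-1 through 20019-4, and "Path Traversal" for 6-1 through 6-5, each group with an identical description. Consider carrying the alert reference in the title, for example "Path Traversal (6-3)". The entries for /docs/alerts/40016/ and /docs/alerts/40017/ ("Cross Site Scripting (Persistent) - Prime" and "- Spider") also have an empty description, unlike the other XSS entries in the same hunk; a short description in the alert source would fix both feeds that list them.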
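Review bot: The new alerttags/policy_sequence/index.html does not say what POLICY_SEQUENCE means: the only text shown in the hunk is the title "ZAP – POLICY_SEQUENCE", the heading "Alert Tag: POLICY_SEQUENCE" and the line "All of the alerts which use this tag:". A reader arriving from the tag index cannot tell which scan policy the tag refers to. Suggest a one-sentence description, or a link to the policy documentation, above the alert list.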
@@ -0,0 +1,235 @@ + + + + POLICY_SEQUENCE on ZAP + /alerttags/policy_sequence/ + Recent content in POLICY_SEQUENCE on ZAP + Hugo + en-us + + + CRLF Injection + /docs/alerts/40003/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40003/ + <p>Cookie can be set via CRLF injection. It may also be possible to set arbitrary HTTP response headers. In addition, by carefully crafting the injected response using cross-site script, cache poisoning vulnerability may also exist.</p> + + + Cross Site Scripting (DOM Based) + /docs/alerts/40026/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40026/ + <p>Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user&rsquo;s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user&rsquo;s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. 
Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.</p> + + + Cross Site Scripting (Reflected) + /docs/alerts/40012/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40012/ + <p>Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user&rsquo;s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user&rsquo;s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.</p> + + + External Redirect + /docs/alerts/20019-1/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-1/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. 
URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + External Redirect + /docs/alerts/20019-2/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-2/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + External Redirect + /docs/alerts/20019-3/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-3/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. 
It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + External Redirect + /docs/alerts/20019-4/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/20019-4/ + <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> + + + Out of Band XSS + /docs/alerts/40031/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40031/ + <p>Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user&rsquo;s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user&rsquo;s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. 
With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.</p> + + + Path Traversal + /docs/alerts/6-1/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/6-1/ + <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> + + + Path Traversal + /docs/alerts/6-2/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/6-2/ + <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> + + + Path Traversal + /docs/alerts/6-3/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/6-3/ + <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. 
An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> + + + Path Traversal + /docs/alerts/6-4/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/6-4/ + <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> + + + Path Traversal + /docs/alerts/6-5/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/6-5/ + <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> + + + Remote File Inclusion + /docs/alerts/7/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/7/ + <p>Remote File Include (RFI) is an attack technique used to exploit &ldquo;dynamic file include&rdquo; mechanisms in web applications. When web applications take user input (URL, parameter value, etc.) and pass them into file include commands, the web application might be tricked into including remote files with malicious code.</p> + + + Remote OS Command Injection + /docs/alerts/90020/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90020/ + <p>Attack technique used for unauthorized execution of operating system commands. 
This attack is possible when an application accepts untrusted input to build operating system commands in an insecure manner involving improper data sanitization, and/or improper calling of external programs.</p> + + + Server Side Code Injection - ASP Code Injection + /docs/alerts/90019-2/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90019-2/ + <p>A code injection may be possible including custom code that will be evaluated by the scripting engine.</p> + + + Server Side Code Injection - PHP Code Injection + /docs/alerts/90019-1/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90019-1/ + <p>A code injection may be possible including custom code that will be evaluated by the scripting engine.</p> + + + Server Side Request Forgery + /docs/alerts/40046/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40046/ + <p>The web server receives a remote address and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.</p> + + + Server Side Template Injection + /docs/alerts/90035/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90035/ + <p>When the user input is inserted in the template instead of being used as argument in rendering is evaluated by the template engine. Depending on the template engine it can lead to remote code execution.</p> + + + Server Side Template Injection (Blind) + /docs/alerts/90036/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90036/ + <p>When the user input is inserted in the template instead of being used as argument in rendering is evaluated by the template engine. 
Depending on the template engine it can lead to remote code execution.</p> + + + SOAP Action Spoofing + /docs/alerts/90026/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90026/ + <p>An unintended SOAP operation was executed by the server.</p> + + + SOAP XML Injection + /docs/alerts/90029/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90029/ + <p>Some XML injected code has been interpreted by the server.</p> + + + SQL Injection + /docs/alerts/40018/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40018/ + <p>SQL injection may be possible.</p> + + + SQL Injection - Hypersonic SQL + /docs/alerts/40020/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40020/ + <p>SQL injection may be possible.</p> + + + SQL Injection - MsSQL + /docs/alerts/40027/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40027/ + <p>SQL injection may be possible.</p> + + + SQL Injection - MySQL + /docs/alerts/40019/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40019/ + <p>SQL injection may be possible.</p> + + + SQL Injection - Oracle + /docs/alerts/40021/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40021/ + <p>SQL injection may be possible.</p> + + + SQL Injection - PostgreSQL + /docs/alerts/40022/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40022/ + <p>SQL injection may be possible.</p> + + + Text4shell (CVE-2022-42889) + /docs/alerts/40047/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40047/ + <p>Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults.Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded.The application has been shown to initial contact with remote servers via variable interpolation and may well be vulnerable to Remote Code Execution (RCE).</p> + + + XML External Entity Attack + /docs/alerts/90023/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90023/ + <p>This technique takes advantage of a feature of XML to build documents 
dynamically at the time of processing. An XML message can either provide data explicitly or by pointing to an URI where the data exists. In the attack technique, external entities may replace the entity value with malicious data, alternate referrals or may compromise the security of the data the server/XML application has access to. Attackers may also use External Entities to have the web services server download malicious code or content to the server for use in secondary or follow on attacks.</p> + + + XPath Injection + /docs/alerts/90021/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90021/ + <p>XPath Injection is an attack technique used to exploit applications that construct XPath (XML Path Language) queries from user-supplied input to query or navigate XML documents. It can be used directly by an application to query an XML document, as part of a larger operation such as applying an XSLT transformation to an XML document, or applying an XQuery to an XML document. The syntax of XPath bears some resemblance to an SQL query, and indeed, it is possible to form SQL-like queries on an XML document using XPath.</p> + + + XSLT Injection + /docs/alerts/90017/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/90017/ + <p>Injection using XSL transformations may be possible, and may allow an attacker to read system information, read and write files, or execute arbitrary code.</p> + + + diff --git a/alerttags/wstg-v42-cryp-03/index.html b/alerttags/wstg-v42-cryp-03/index.html index 365c0b9930..b8d3c968ff 100644 --- a/alerttags/wstg-v42-cryp-03/index.html +++ b/alerttags/wstg-v42-cryp-03/index.html @@ -145,6 +145,12 @@

HTTP Only Site + + + + HTTP to HTTPS Insecure Transition in Form Post diff --git a/alerttags/wstg-v42-cryp-03/index.xml b/alerttags/wstg-v42-cryp-03/index.xml index 40f46511ca..3bbebe93d0 100644 --- a/alerttags/wstg-v42-cryp-03/index.xml +++ b/alerttags/wstg-v42-cryp-03/index.xml @@ -7,6 +7,13 @@ Hugo en-us + + HTTP Only Site + /docs/alerts/10106/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/10106/ + <p>The site is only served under HTTP and not HTTPS.</p> + HTTP to HTTPS Insecure Transition in Form Post /docs/alerts/10041/ diff --git a/alerttags/wstg-v42-inpv-02/index.html b/alerttags/wstg-v42-inpv-02/index.html index ffc0795d7c..1b5affc9ae 100644 --- a/alerttags/wstg-v42-inpv-02/index.html +++ b/alerttags/wstg-v42-inpv-02/index.html @@ -151,6 +151,18 @@

Cross Site Scripting (Persistent) - Prime + + + + + + Cross Site Scripting (Persistent) - Spider + + + + Out of Band XSS diff --git a/alerttags/wstg-v42-inpv-02/index.xml b/alerttags/wstg-v42-inpv-02/index.xml index cca36cfd8f..78747273ca 100644 --- a/alerttags/wstg-v42-inpv-02/index.xml +++ b/alerttags/wstg-v42-inpv-02/index.xml @@ -14,6 +14,20 @@ /docs/alerts/40014/ <p>Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user&rsquo;s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user&rsquo;s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.</p> + + Cross Site Scripting (Persistent) - Prime + /docs/alerts/40016/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40016/ + + + + Cross Site Scripting (Persistent) - Spider + /docs/alerts/40017/ + Mon, 01 Jan 0001 00:00:00 +0000 + /docs/alerts/40017/ + + Out of Band XSS /docs/alerts/40031/ 
diff --git a/alerttags/wstg-v42-sess-02/index.html b/alerttags/wstg-v42-sess-02/index.html index dea06b5bf5..5b5381feb1 100644 --- a/alerttags/wstg-v42-sess-02/index.html +++ b/alerttags/wstg-v42-sess-02/index.html @@ -181,12 +181,6 @@

HTTP Only Site - - - - Loosely Scoped Cookie diff --git a/alerttags/wstg-v42-sess-02/index.xml b/alerttags/wstg-v42-sess-02/index.xml index ced9f60e6b..6194b51df7 100644 --- a/alerttags/wstg-v42-sess-02/index.xml +++ b/alerttags/wstg-v42-sess-02/index.xml @@ -49,13 +49,6 @@ /docs/alerts/10011/ <p>A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.</p> - - HTTP Only Site - /docs/alerts/10106/ - Mon, 01 Jan 0001 00:00:00 +0000 - /docs/alerts/10106/ - <p>The site is only served under HTTP and not HTTPS.</p> - Loosely Scoped Cookie /docs/alerts/90033/ diff --git a/docs/alerts/0/index.html b/docs/alerts/0/index.html index c793120109..54c083e067 100644 --- a/docs/alerts/0/index.html +++ b/docs/alerts/0/index.html @@ -194,6 +194,12 @@

Directory Browsing

OWASP_2021_A01
+ POLICY_API
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ diff --git a/docs/alerts/10045-1/index.html b/docs/alerts/10045-1/index.html index d766756028..6123b66f82 100644 --- a/docs/alerts/10045-1/index.html +++ b/docs/alerts/10045-1/index.html @@ -194,6 +194,8 @@

Source Code Disclosure - /WEB-INF Folder

OWASP_2021_A05
+ POLICY_QA_FULL
+ WSTG-V42-CONF-05
diff --git a/docs/alerts/10045-2/index.html b/docs/alerts/10045-2/index.html index e6959d1d89..b1f4e2bf75 100644 --- a/docs/alerts/10045-2/index.html +++ b/docs/alerts/10045-2/index.html @@ -194,6 +194,8 @@

Properties File Disclosure - /WEB-INF folder

OWASP_2021_A05
+ POLICY_QA_FULL
+ WSTG-V42-CONF-05
diff --git a/docs/alerts/10047/index.html b/docs/alerts/10047/index.html index 1c65516f56..c8319349bc 100644 --- a/docs/alerts/10047/index.html +++ b/docs/alerts/10047/index.html @@ -194,6 +194,8 @@

HTTPS Content Available via HTTP

OWASP_2021_A05
+ POLICY_QA_FULL
+ WSTG-V42-CRYP-03
diff --git a/docs/alerts/10051/index.html b/docs/alerts/10051/index.html index d931a1b5b7..48d0c13362 100644 --- a/docs/alerts/10051/index.html +++ b/docs/alerts/10051/index.html @@ -194,6 +194,8 @@

Relative Path Confusion

OWASP_2021_A05
+ POLICY_QA_FULL
+ diff --git a/docs/alerts/10058/index.html b/docs/alerts/10058/index.html index 8f33b6e6f8..cc44f7105d 100644 --- a/docs/alerts/10058/index.html +++ b/docs/alerts/10058/index.html @@ -194,6 +194,10 @@

GET for POST

OWASP_2021_A04
+ POLICY_QA_FULL
+ + POLICY_QA_STD
+ WSTG-V42-CONF-06
diff --git a/docs/alerts/10095/index.html b/docs/alerts/10095/index.html index c13409e8e4..789f6b00c0 100644 --- a/docs/alerts/10095/index.html +++ b/docs/alerts/10095/index.html @@ -194,6 +194,8 @@

Backup File Disclosure

OWASP_2021_A05
+ POLICY_QA_FULL
+ WSTG-V42-CONF-04
diff --git a/docs/alerts/10106/index.html b/docs/alerts/10106/index.html index e4031db89d..9563315c51 100644 --- a/docs/alerts/10106/index.html +++ b/docs/alerts/10106/index.html @@ -194,7 +194,9 @@

HTTP Only Site

OWASP_2021_A05
- WSTG-V42-SESS-02
+ POLICY_QA_FULL
+ + WSTG-V42-CRYP-03
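Review bot: The "- WSTG-V42-SESS-02" / "+ WSTG-V42-CRYP-03" swap on the HTTP Only Site page (10106) changes an existing WSTG mapping, unlike the rest of this commit, which only adds POLICY_* tags. The move matches the listing changes under alerttags/wstg-v42-cryp-03 and alerttags/wstg-v42-sess-02, but anyone filtering or reporting on WSTG-V42-SESS-02 will silently stop seeing this alert. The retag should be called out in the change description for the rule rather than riding along with the policy tags.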
diff --git a/docs/alerts/10107/index.html b/docs/alerts/10107/index.html index a68adcbfe5..a5a4d707df 100644 --- a/docs/alerts/10107/index.html +++ b/docs/alerts/10107/index.html @@ -194,6 +194,8 @@

Httpoxy - Proxy Header Misuse

OWASP_2021_A06
+ POLICY_QA_FULL
+ diff --git a/docs/alerts/20012/index.html b/docs/alerts/20012/index.html index 0d8f903b6b..7898bda385 100644 --- a/docs/alerts/20012/index.html +++ b/docs/alerts/20012/index.html @@ -194,6 +194,10 @@

Anti-CSRF Tokens Check

OWASP_2021_A05
+ POLICY_QA_FULL
+ + POLICY_QA_STD
+ WSTG-V42-SESS-05
diff --git a/docs/alerts/20015/index.html b/docs/alerts/20015/index.html index 537a5be2b1..0b18dfb56b 100644 --- a/docs/alerts/20015/index.html +++ b/docs/alerts/20015/index.html @@ -196,6 +196,8 @@

Heartbleed OpenSSL Vulnerability

OWASP_2021_A06
+ POLICY_QA_FULL
+ WSTG-V42-CRYP-01
diff --git a/docs/alerts/20016-1/index.html b/docs/alerts/20016-1/index.html index d5a37a9616..0a96cc7605 100644 --- a/docs/alerts/20016-1/index.html +++ b/docs/alerts/20016-1/index.html @@ -194,6 +194,8 @@

Cross-Domain Misconfiguration - Adobe - Read

OWASP_2021_A05
+ POLICY_QA_FULL
+ WSTG-V42-CONF-08
diff --git a/docs/alerts/20016-2/index.html b/docs/alerts/20016-2/index.html index 5516fb2e5c..7034356f9a 100644 --- a/docs/alerts/20016-2/index.html +++ b/docs/alerts/20016-2/index.html @@ -194,6 +194,8 @@

Cross-Domain Misconfiguration - Adobe - Send

OWASP_2021_A05
+ POLICY_QA_FULL
+ WSTG-V42-CONF-08
diff --git a/docs/alerts/20016-3/index.html b/docs/alerts/20016-3/index.html index 8626be1312..edb66cc806 100644 --- a/docs/alerts/20016-3/index.html +++ b/docs/alerts/20016-3/index.html @@ -194,6 +194,8 @@

Cross-Domain Misconfiguration - Silverlight

OWASP_2021_A05
+ POLICY_QA_FULL
+ WSTG-V42-CONF-08
diff --git a/docs/alerts/20017/index.html b/docs/alerts/20017/index.html index 7eb5b451f5..70d1b51279 100644 --- a/docs/alerts/20017/index.html +++ b/docs/alerts/20017/index.html @@ -198,6 +198,8 @@

Source Code Disclosure - CVE-2012-1823

OWASP_2021_A06
+ POLICY_QA_FULL
+ diff --git a/docs/alerts/20018/index.html b/docs/alerts/20018/index.html index 7c92d5cdbb..b4df9127ba 100644 --- a/docs/alerts/20018/index.html +++ b/docs/alerts/20018/index.html @@ -198,6 +198,8 @@

Remote Code Execution - CVE-2012-1823

OWASP_2021_A06
+ POLICY_QA_FULL
+ WSTG-V42-INPV-12
diff --git a/docs/alerts/20019-1/index.html b/docs/alerts/20019-1/index.html index f3efcc914e..4f39086977 100644 --- a/docs/alerts/20019-1/index.html +++ b/docs/alerts/20019-1/index.html @@ -194,6 +194,20 @@

External Redirect

OWASP_2021_A03
+ POLICY_API
+ + POLICY_DEV_CICD
+ + POLICY_DEV_FULL
+ + POLICY_DEV_STD
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + POLICY_SEQUENCE
+ WSTG-V42-CLNT-04
diff --git a/docs/alerts/20019-2/index.html b/docs/alerts/20019-2/index.html index c4112f472b..41174d73cd 100644 --- a/docs/alerts/20019-2/index.html +++ b/docs/alerts/20019-2/index.html @@ -194,6 +194,20 @@

External Redirect

OWASP_2021_A03
+ POLICY_API
+ + POLICY_DEV_CICD
+ + POLICY_DEV_FULL
+ + POLICY_DEV_STD
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + POLICY_SEQUENCE
+ WSTG-V42-CLNT-04
diff --git a/docs/alerts/20019-3/index.html b/docs/alerts/20019-3/index.html index e2d5d75498..26145e051f 100644 --- a/docs/alerts/20019-3/index.html +++ b/docs/alerts/20019-3/index.html @@ -194,6 +194,20 @@

External Redirect

OWASP_2021_A03
+ POLICY_API
+ + POLICY_DEV_CICD
+ + POLICY_DEV_FULL
+ + POLICY_DEV_STD
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + POLICY_SEQUENCE
+ WSTG-V42-CLNT-04
diff --git a/docs/alerts/20019-4/index.html b/docs/alerts/20019-4/index.html index 7438b0cabd..50d936c99b 100644 --- a/docs/alerts/20019-4/index.html +++ b/docs/alerts/20019-4/index.html @@ -194,6 +194,20 @@

External Redirect

OWASP_2021_A03
+ POLICY_API
+ + POLICY_DEV_CICD
+ + POLICY_DEV_FULL
+ + POLICY_DEV_STD
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + POLICY_SEQUENCE
+ WSTG-V42-CLNT-04
diff --git a/docs/alerts/30001/index.html b/docs/alerts/30001/index.html index 77179ed6ab..905e6bb823 100644 --- a/docs/alerts/30001/index.html +++ b/docs/alerts/30001/index.html @@ -196,6 +196,8 @@

Buffer Overflow

OWASP_2021_A03
+ POLICY_API
+ diff --git a/docs/alerts/30002/index.html b/docs/alerts/30002/index.html index 357317ba2b..bb051e49b0 100644 --- a/docs/alerts/30002/index.html +++ b/docs/alerts/30002/index.html @@ -196,6 +196,10 @@

Format String Error

OWASP_2021_A03
+ POLICY_API
+ + POLICY_QA_FULL
+ diff --git a/docs/alerts/30003/index.html b/docs/alerts/30003/index.html index de7bcdfb7d..6713af1b71 100644 --- a/docs/alerts/30003/index.html +++ b/docs/alerts/30003/index.html @@ -196,6 +196,8 @@

Integer Overflow Error

OWASP_2021_A03
+ POLICY_API
+ diff --git a/docs/alerts/40003/index.html b/docs/alerts/40003/index.html index fa408e97f6..707fc71083 100644 --- a/docs/alerts/40003/index.html +++ b/docs/alerts/40003/index.html @@ -194,6 +194,14 @@

CRLF Injection

OWASP_2021_A03
+ POLICY_API
+ + POLICY_DEV_FULL
+ + POLICY_QA_FULL
+ + POLICY_SEQUENCE
+ WSTG-V42-INPV-15
diff --git a/docs/alerts/40008/index.html b/docs/alerts/40008/index.html index 9e55f40df1..4229407c0c 100644 --- a/docs/alerts/40008/index.html +++ b/docs/alerts/40008/index.html @@ -194,6 +194,12 @@

Parameter Tampering

OWASP_2021_A04
+ POLICY_API
+ + POLICY_DEV_FULL
+ + POLICY_QA_FULL
+ diff --git a/docs/alerts/40009/index.html b/docs/alerts/40009/index.html index 1c9b476627..a8d8928946 100644 --- a/docs/alerts/40009/index.html +++ b/docs/alerts/40009/index.html @@ -200,6 +200,16 @@

Server Side Include

OWASP_2021_A03
+ POLICY_API
+ + POLICY_DEV_FULL
+ + POLICY_DEV_STD
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ WSTG-V42-INPV-11
diff --git a/docs/alerts/40012/index.html b/docs/alerts/40012/index.html index 26383adc63..73ce2e4786 100644 --- a/docs/alerts/40012/index.html +++ b/docs/alerts/40012/index.html @@ -194,6 +194,18 @@

Cross Site Scripting (Reflected)

OWASP_2021_A03
+ POLICY_DEV_CICD
+ + POLICY_DEV_FULL
+ + POLICY_DEV_STD
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + POLICY_SEQUENCE
+ WSTG-V42-INPV-01
diff --git a/docs/alerts/40014/index.html b/docs/alerts/40014/index.html index 16f9a40d7c..b7cf8d5f3a 100644 --- a/docs/alerts/40014/index.html +++ b/docs/alerts/40014/index.html @@ -192,6 +192,12 @@

Cross Site Scripting (Persistent)

OWASP_2021_A03
+ POLICY_DEV_FULL
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ WSTG-V42-INPV-02
diff --git a/docs/alerts/40016/index.html b/docs/alerts/40016/index.html index 74b9df9aff..6d13f2853c 100644 --- a/docs/alerts/40016/index.html +++ b/docs/alerts/40016/index.html @@ -188,6 +188,18 @@

Cross Site Scripting (Persistent) - Prime

+ OWASP_2017_A07
+ + OWASP_2021_A03
+ + POLICY_DEV_FULL
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + WSTG-V42-INPV-02
+ diff --git a/docs/alerts/40017/index.html b/docs/alerts/40017/index.html index 9e6a4bcb20..d898fe3965 100644 --- a/docs/alerts/40017/index.html +++ b/docs/alerts/40017/index.html @@ -188,6 +188,18 @@

Cross Site Scripting (Persistent) - Spider

+ OWASP_2017_A07
+ + OWASP_2021_A03
+ + POLICY_DEV_FULL
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + WSTG-V42-INPV-02
+ diff --git a/docs/alerts/40018/index.html b/docs/alerts/40018/index.html index 1dcbcba6b5..7d235bc602 100644 --- a/docs/alerts/40018/index.html +++ b/docs/alerts/40018/index.html @@ -216,6 +216,20 @@

SQL Injection

OWASP_2021_A03
+ POLICY_API
+ + POLICY_DEV_CICD
+ + POLICY_DEV_FULL
+ + POLICY_DEV_STD
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + POLICY_SEQUENCE
+ WSTG-V42-INPV-05
diff --git a/docs/alerts/40019/index.html b/docs/alerts/40019/index.html index 5a49afe20f..2158ae449f 100644 --- a/docs/alerts/40019/index.html +++ b/docs/alerts/40019/index.html @@ -194,6 +194,14 @@

SQL Injection - MySQL

OWASP_2021_A03
+ POLICY_DEV_FULL
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + POLICY_SEQUENCE
+ WSTG-V42-INPV-05
diff --git a/docs/alerts/40020/index.html b/docs/alerts/40020/index.html index 000950b868..82d80dde3d 100644 --- a/docs/alerts/40020/index.html +++ b/docs/alerts/40020/index.html @@ -194,6 +194,14 @@

SQL Injection - Hypersonic SQL

OWASP_2021_A03
+ POLICY_DEV_FULL
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + POLICY_SEQUENCE
+ WSTG-V42-INPV-05
diff --git a/docs/alerts/40021/index.html b/docs/alerts/40021/index.html index 4c0ee1a0d3..0022b91b24 100644 --- a/docs/alerts/40021/index.html +++ b/docs/alerts/40021/index.html @@ -194,6 +194,14 @@

SQL Injection - Oracle

OWASP_2021_A03
+ POLICY_DEV_FULL
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + POLICY_SEQUENCE
+ WSTG-V42-INPV-05
diff --git a/docs/alerts/40022/index.html b/docs/alerts/40022/index.html index 6afa452a01..d3421745ce 100644 --- a/docs/alerts/40022/index.html +++ b/docs/alerts/40022/index.html @@ -194,6 +194,14 @@

SQL Injection - PostgreSQL

OWASP_2021_A03
+ POLICY_DEV_FULL
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + POLICY_SEQUENCE
+ WSTG-V42-INPV-05
diff --git a/docs/alerts/40023/index.html b/docs/alerts/40023/index.html index 986c71ee86..25f6ca2504 100644 --- a/docs/alerts/40023/index.html +++ b/docs/alerts/40023/index.html @@ -161,8 +161,8 @@

Possible Username Enumeration

CWE - - 200 + + 204 diff --git a/docs/alerts/40024/index.html b/docs/alerts/40024/index.html index 87215d228b..884fc09f03 100644 --- a/docs/alerts/40024/index.html +++ b/docs/alerts/40024/index.html @@ -194,6 +194,8 @@

SQL Injection - SQLite

OWASP_2021_A03
+ POLICY_QA_FULL
+ WSTG-V42-INPV-05
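Review bot: SQL Injection - SQLite (40024) receives only POLICY_QA_FULL here, while the other database-specific SQL injection pages in this commit (40019 MySQL, 40020 Hypersonic SQL, 40021 Oracle, 40022 PostgreSQL, 40027 MsSQL) each receive POLICY_DEV_FULL, POLICY_QA_FULL, POLICY_QA_STD and POLICY_SEQUENCE. If the narrower scope is deliberate, a short note in the policy documentation would keep it from reading as an omission. If it is not, the missing tags should be added at the source these pages are generated from.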
diff --git a/docs/alerts/40025/index.html b/docs/alerts/40025/index.html index 83ae7d9e59..593c93e704 100644 --- a/docs/alerts/40025/index.html +++ b/docs/alerts/40025/index.html @@ -161,8 +161,8 @@

Proxy Disclosure

CWE - - 200 + + 204 diff --git a/docs/alerts/40026/index.html b/docs/alerts/40026/index.html index ef626c2e10..6ead1a8ed4 100644 --- a/docs/alerts/40026/index.html +++ b/docs/alerts/40026/index.html @@ -194,6 +194,14 @@

Cross Site Scripting (DOM Based)

OWASP_2021_A03
+ POLICY_DEV_FULL
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + POLICY_SEQUENCE
+ WSTG-V42-CLNT-01
diff --git a/docs/alerts/40027/index.html b/docs/alerts/40027/index.html index 2c93ea484c..e397af8415 100644 --- a/docs/alerts/40027/index.html +++ b/docs/alerts/40027/index.html @@ -194,6 +194,14 @@

SQL Injection - MsSQL

OWASP_2021_A03
+ POLICY_DEV_FULL
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + POLICY_SEQUENCE
+ WSTG-V42-INPV-05
diff --git a/docs/alerts/40028/index.html b/docs/alerts/40028/index.html index efe592a77b..1d94991746 100644 --- a/docs/alerts/40028/index.html +++ b/docs/alerts/40028/index.html @@ -200,6 +200,8 @@

ELMAH Information Leak

OWASP_2021_A05
+ POLICY_QA_FULL
+ WSTG-V42-CONF-05
diff --git a/docs/alerts/40029/index.html b/docs/alerts/40029/index.html index 335f7627eb..14e5e59599 100644 --- a/docs/alerts/40029/index.html +++ b/docs/alerts/40029/index.html @@ -200,6 +200,8 @@

Trace.axd Information Leak

OWASP_2021_A05
+ POLICY_QA_FULL
+ WSTG-V42-CONF-05
diff --git a/docs/alerts/40031/index.html b/docs/alerts/40031/index.html index 0cc3d4432a..e7a5cdc0c2 100644 --- a/docs/alerts/40031/index.html +++ b/docs/alerts/40031/index.html @@ -194,6 +194,12 @@

Out of Band XSS

OWASP_2021_A03
+ POLICY_DEV_FULL
+ + POLICY_QA_FULL
+ + POLICY_SEQUENCE
+ WSTG-V42-INPV-01
WSTG-V42-INPV-02
diff --git a/docs/alerts/40032/index.html b/docs/alerts/40032/index.html index 6143676fd4..caeec893fa 100644 --- a/docs/alerts/40032/index.html +++ b/docs/alerts/40032/index.html @@ -194,6 +194,8 @@

.htaccess Information Leak

OWASP_2021_A05
+ POLICY_QA_FULL
+ WSTG-V42-CONF-05
diff --git a/docs/alerts/40034/index.html b/docs/alerts/40034/index.html index 661cd416b5..ef1826015e 100644 --- a/docs/alerts/40034/index.html +++ b/docs/alerts/40034/index.html @@ -192,6 +192,8 @@

.env Information Leak

OWASP_2021_A05
+ POLICY_QA_FULL
+ WSTG-V42-CONF-05
diff --git a/docs/alerts/40035/index.html b/docs/alerts/40035/index.html index c28915bf58..c5099fc67b 100644 --- a/docs/alerts/40035/index.html +++ b/docs/alerts/40035/index.html @@ -196,6 +196,8 @@

Hidden File Found

OWASP_2021_A05
+ POLICY_QA_FULL
+ WSTG-V42-CONF-05
diff --git a/docs/alerts/40038/index.html b/docs/alerts/40038/index.html index f3a3e22f65..7bc35935e3 100644 --- a/docs/alerts/40038/index.html +++ b/docs/alerts/40038/index.html @@ -192,6 +192,8 @@

Bypassing 403

OWASP_2021_A01
+ POLICY_QA_FULL
+ WSTG-V42-ATHN-04
diff --git a/docs/alerts/40040-1/index.html b/docs/alerts/40040-1/index.html index 7f2b5a13cf..28810d46d1 100644 --- a/docs/alerts/40040-1/index.html +++ b/docs/alerts/40040-1/index.html @@ -194,6 +194,10 @@

CORS Header

OWASP_2021_A01
+ POLICY_QA_FULL
+ + POLICY_QA_STD
+ WSTG-V42-CLNT-07
diff --git a/docs/alerts/40040-2/index.html b/docs/alerts/40040-2/index.html index 9417383549..47e0861f32 100644 --- a/docs/alerts/40040-2/index.html +++ b/docs/alerts/40040-2/index.html @@ -194,6 +194,10 @@

CORS Misconfiguration

OWASP_2021_A01
+ POLICY_QA_FULL
+ + POLICY_QA_STD
+ WSTG-V42-CLNT-07
diff --git a/docs/alerts/40040-3/index.html b/docs/alerts/40040-3/index.html index 659a9fa0ba..689c6ea0fb 100644 --- a/docs/alerts/40040-3/index.html +++ b/docs/alerts/40040-3/index.html @@ -194,6 +194,10 @@

CORS Misconfiguration

OWASP_2021_A01
+ POLICY_QA_FULL
+ + POLICY_QA_STD
+ WSTG-V42-CLNT-07
diff --git a/docs/alerts/40042/index.html b/docs/alerts/40042/index.html index 6d4de7a12b..bbd1219729 100644 --- a/docs/alerts/40042/index.html +++ b/docs/alerts/40042/index.html @@ -198,6 +198,10 @@

Spring Actuator Information Leak

OWASP_2021_A01
+ POLICY_API
+ + POLICY_QA_FULL
+ WSTG-V42-CONF-05
diff --git a/docs/alerts/40043-1/index.html b/docs/alerts/40043-1/index.html index 13687aeb0d..5cc73e469d 100644 --- a/docs/alerts/40043-1/index.html +++ b/docs/alerts/40043-1/index.html @@ -200,6 +200,8 @@

Log4Shell (CVE-2021-44228)

OWASP_2021_A06
+ POLICY_QA_FULL
+ WSTG-V42-INPV-11
diff --git a/docs/alerts/40043-2/index.html b/docs/alerts/40043-2/index.html index fb3032d971..2a5106da14 100644 --- a/docs/alerts/40043-2/index.html +++ b/docs/alerts/40043-2/index.html @@ -200,6 +200,8 @@

Log4Shell (CVE-2021-45046)

OWASP_2021_A06
+ POLICY_QA_FULL
+ WSTG-V42-INPV-11
diff --git a/docs/alerts/40044/index.html b/docs/alerts/40044/index.html index 2be2108f09..cade820572 100644 --- a/docs/alerts/40044/index.html +++ b/docs/alerts/40044/index.html @@ -192,6 +192,12 @@

Exponential Entity Expansion (Billion Laughs Attack)

OWASP_2021_A04
+ POLICY_API
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ WSTG-V42-BUSL-09
diff --git a/docs/alerts/40045/index.html b/docs/alerts/40045/index.html index f739c2a6dc..73a42a6f4b 100644 --- a/docs/alerts/40045/index.html +++ b/docs/alerts/40045/index.html @@ -204,6 +204,8 @@

Spring4Shell

OWASP_2021_A06
+ POLICY_QA_FULL
+ WSTG-V42-INPV-12
diff --git a/docs/alerts/40046/index.html b/docs/alerts/40046/index.html index f1b954dfed..90f75032e8 100644 --- a/docs/alerts/40046/index.html +++ b/docs/alerts/40046/index.html @@ -194,6 +194,12 @@

Server Side Request Forgery

OWASP_2021_A10
+ POLICY_DEV_FULL
+ + POLICY_QA_FULL
+ + POLICY_SEQUENCE
+ WSTG-V42-INPV-19
diff --git a/docs/alerts/40047/index.html b/docs/alerts/40047/index.html index dcbf9e6496..11f5b3fdc1 100644 --- a/docs/alerts/40047/index.html +++ b/docs/alerts/40047/index.html @@ -200,6 +200,12 @@

Text4shell (CVE-2022-42889)

OWASP_2021_A06
+ POLICY_DEV_FULL
+ + POLICY_QA_FULL
+ + POLICY_SEQUENCE
+ WSTG-V42-INPV-11
diff --git a/docs/alerts/41/index.html b/docs/alerts/41/index.html index b8205f060d..c243aa0a82 100644 --- a/docs/alerts/41/index.html +++ b/docs/alerts/41/index.html @@ -194,6 +194,8 @@

Source Code Disclosure - Git

OWASP_2021_A05
+ POLICY_QA_FULL
+ diff --git a/docs/alerts/42/index.html b/docs/alerts/42/index.html index 6c0ae4f5a7..becd5865d8 100644 --- a/docs/alerts/42/index.html +++ b/docs/alerts/42/index.html @@ -194,6 +194,8 @@

Source Code Disclosure - SVN

OWASP_2021_A05
+ POLICY_QA_FULL
+ diff --git a/docs/alerts/43/index.html b/docs/alerts/43/index.html index 016a3cf0f7..c622d50525 100644 --- a/docs/alerts/43/index.html +++ b/docs/alerts/43/index.html @@ -194,6 +194,8 @@

Source Code Disclosure - File Inclusion

OWASP_2021_A05
+ POLICY_QA_FULL
+ diff --git a/docs/alerts/6-1/index.html b/docs/alerts/6-1/index.html index 989daca336..5385ae494c 100644 --- a/docs/alerts/6-1/index.html +++ b/docs/alerts/6-1/index.html @@ -194,6 +194,16 @@

Path Traversal

OWASP_2021_A01
+ POLICY_DEV_FULL
+ + POLICY_DEV_STD
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + POLICY_SEQUENCE
+ WSTG-V42-ATHZ-01
diff --git a/docs/alerts/6-2/index.html b/docs/alerts/6-2/index.html index 1e9f48300e..4b758350e2 100644 --- a/docs/alerts/6-2/index.html +++ b/docs/alerts/6-2/index.html @@ -194,6 +194,16 @@

Path Traversal

OWASP_2021_A01
+ POLICY_DEV_FULL
+ + POLICY_DEV_STD
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + POLICY_SEQUENCE
+ WSTG-V42-ATHZ-01
diff --git a/docs/alerts/6-3/index.html b/docs/alerts/6-3/index.html index 667a0fc857..8a9301f985 100644 --- a/docs/alerts/6-3/index.html +++ b/docs/alerts/6-3/index.html @@ -194,6 +194,16 @@

Path Traversal

OWASP_2021_A01
+ POLICY_DEV_FULL
+ + POLICY_DEV_STD
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + POLICY_SEQUENCE
+ WSTG-V42-ATHZ-01
diff --git a/docs/alerts/6-4/index.html b/docs/alerts/6-4/index.html index df1071a246..94cbeacf1a 100644 --- a/docs/alerts/6-4/index.html +++ b/docs/alerts/6-4/index.html @@ -194,6 +194,16 @@

Path Traversal

OWASP_2021_A01
+ POLICY_DEV_FULL
+ + POLICY_DEV_STD
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + POLICY_SEQUENCE
+ WSTG-V42-ATHZ-01
diff --git a/docs/alerts/6-5/index.html b/docs/alerts/6-5/index.html index e9af213d53..42d95e017a 100644 --- a/docs/alerts/6-5/index.html +++ b/docs/alerts/6-5/index.html @@ -194,6 +194,16 @@

Path Traversal

OWASP_2021_A01
+ POLICY_DEV_FULL
+ + POLICY_DEV_STD
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + POLICY_SEQUENCE
+ WSTG-V42-ATHZ-01
diff --git a/docs/alerts/7/index.html b/docs/alerts/7/index.html index 7511719b54..2bbc5959cd 100644 --- a/docs/alerts/7/index.html +++ b/docs/alerts/7/index.html @@ -194,6 +194,18 @@

Remote File Inclusion

OWASP_2021_A03
+ POLICY_API
+ + POLICY_DEV_FULL
+ + POLICY_DEV_STD
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + POLICY_SEQUENCE
+ WSTG-V42-INPV-11
diff --git a/docs/alerts/90017/index.html b/docs/alerts/90017/index.html index 7b950c1f19..461883039b 100644 --- a/docs/alerts/90017/index.html +++ b/docs/alerts/90017/index.html @@ -194,6 +194,20 @@

XSLT Injection

OWASP_2021_A03
+ POLICY_API
+ + POLICY_DEV_CICD
+ + POLICY_DEV_FULL
+ + POLICY_DEV_STD
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + POLICY_SEQUENCE
+ diff --git a/docs/alerts/90019-1/index.html b/docs/alerts/90019-1/index.html index 05effbe1e5..358b3037b5 100644 --- a/docs/alerts/90019-1/index.html +++ b/docs/alerts/90019-1/index.html @@ -198,6 +198,16 @@

Server Side Code Injection - PHP Code Injection

OWASP_2021_A03
+ POLICY_API
+ + POLICY_DEV_FULL
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + POLICY_SEQUENCE
+ WSTG-V42-INPV-11
diff --git a/docs/alerts/90019-2/index.html b/docs/alerts/90019-2/index.html index fcdff81701..ea37905a45 100644 --- a/docs/alerts/90019-2/index.html +++ b/docs/alerts/90019-2/index.html @@ -198,6 +198,16 @@

Server Side Code Injection - ASP Code Injection

OWASP_2021_A03
+ POLICY_API
+ + POLICY_DEV_FULL
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + POLICY_SEQUENCE
+ WSTG-V42-INPV-11
diff --git a/docs/alerts/90020/index.html b/docs/alerts/90020/index.html index 2d16471d42..59a4dcdc9a 100644 --- a/docs/alerts/90020/index.html +++ b/docs/alerts/90020/index.html @@ -200,6 +200,20 @@

Remote OS Command Injection

OWASP_2021_A03
+ POLICY_API
+ + POLICY_DEV_CICD
+ + POLICY_DEV_FULL
+ + POLICY_DEV_STD
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + POLICY_SEQUENCE
+ WSTG-V42-INPV-12
diff --git a/docs/alerts/90021/index.html b/docs/alerts/90021/index.html index 5d718770ef..f576d8da60 100644 --- a/docs/alerts/90021/index.html +++ b/docs/alerts/90021/index.html @@ -194,6 +194,20 @@

XPath Injection

OWASP_2021_A03
+ POLICY_API
+ + POLICY_DEV_CICD
+ + POLICY_DEV_FULL
+ + POLICY_DEV_STD
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + POLICY_SEQUENCE
+ WSTG-V42-INPV-09
diff --git a/docs/alerts/90023/index.html b/docs/alerts/90023/index.html index f69cfd7a7a..3dd85973d3 100644 --- a/docs/alerts/90023/index.html +++ b/docs/alerts/90023/index.html @@ -194,6 +194,20 @@

XML External Entity Attack

OWASP_2021_A03
+ POLICY_API
+ + POLICY_DEV_CICD
+ + POLICY_DEV_FULL
+ + POLICY_DEV_STD
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + POLICY_SEQUENCE
+ WSTG-V42-INPV-07
diff --git a/docs/alerts/90024/index.html b/docs/alerts/90024/index.html index 6f71f587ac..cbe1c924f2 100644 --- a/docs/alerts/90024/index.html +++ b/docs/alerts/90024/index.html @@ -194,6 +194,8 @@

Generic Padding Oracle

OWASP_2021_A02
+ POLICY_QA_FULL
+ WSTG-V42-CRYP-02
diff --git a/docs/alerts/90025/index.html b/docs/alerts/90025/index.html index 8e5473d8c5..b0546641e5 100644 --- a/docs/alerts/90025/index.html +++ b/docs/alerts/90025/index.html @@ -194,6 +194,12 @@

Expression Language Injection

OWASP_2021_A03
+ POLICY_API
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ WSTG-V42-INPV-11
diff --git a/docs/alerts/90026/index.html b/docs/alerts/90026/index.html index 13fed3b343..2d18b6314d 100644 --- a/docs/alerts/90026/index.html +++ b/docs/alerts/90026/index.html @@ -192,6 +192,20 @@

SOAP Action Spoofing

OWASP_2021_A03
+ POLICY_API
+ + POLICY_DEV_CICD
+ + POLICY_DEV_FULL
+ + POLICY_DEV_STD
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + POLICY_SEQUENCE
+ diff --git a/docs/alerts/90028/index.html b/docs/alerts/90028/index.html index 0723ba1db2..88c16107bb 100644 --- a/docs/alerts/90028/index.html +++ b/docs/alerts/90028/index.html @@ -192,6 +192,10 @@

Insecure HTTP Method

OWASP_2021_A05
+ POLICY_DEV_FULL
+ + POLICY_QA_FULL
+ WSTG-V42-CONF-06
diff --git a/docs/alerts/90029/index.html b/docs/alerts/90029/index.html index 0dd31373b2..cb1f6e3b64 100644 --- a/docs/alerts/90029/index.html +++ b/docs/alerts/90029/index.html @@ -192,6 +192,20 @@

SOAP XML Injection

OWASP_2021_A03
+ POLICY_API
+ + POLICY_DEV_CICD
+ + POLICY_DEV_FULL
+ + POLICY_DEV_STD
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + POLICY_SEQUENCE
+ diff --git a/docs/alerts/90034/index.html b/docs/alerts/90034/index.html index 21f0e5d900..ecc6817b63 100644 --- a/docs/alerts/90034/index.html +++ b/docs/alerts/90034/index.html @@ -192,6 +192,10 @@

Cloud Metadata Potentially Exposed

OWASP_2021_A05
+ POLICY_API
+ + POLICY_QA_FULL
+ diff --git a/docs/alerts/90035/index.html b/docs/alerts/90035/index.html index d6501a388a..61411a6fee 100644 --- a/docs/alerts/90035/index.html +++ b/docs/alerts/90035/index.html @@ -194,6 +194,20 @@

Server Side Template Injection

OWASP_2021_A03
+ POLICY_API
+ + POLICY_DEV_CICD
+ + POLICY_DEV_FULL
+ + POLICY_DEV_STD
+ + POLICY_QA_FULL
+ + POLICY_QA_STD
+ + POLICY_SEQUENCE
+ WSTG-V42-INPV-18
diff --git a/docs/alerts/90036/index.html b/docs/alerts/90036/index.html index 0a3410902b..a4ad95d92f 100644 --- a/docs/alerts/90036/index.html +++ b/docs/alerts/90036/index.html @@ -194,6 +194,14 @@

Server Side Template Injection (Blind)

OWASP_2021_A03
+ POLICY_API
+ + POLICY_DEV_FULL
+ + POLICY_QA_FULL
+ + POLICY_SEQUENCE
+ WSTG-V42-INPV-18
diff --git a/docs/alerts/index.html b/docs/alerts/index.html index f6157cb226..47319779e4 100644 --- a/docs/alerts/index.html +++ b/docs/alerts/index.html @@ -1937,7 +1937,7 @@

ZAP Alert Details

beta Informational Active - 200 + 204 13 @@ -1957,7 +1957,7 @@

ZAP Alert Details

beta Medium Active - 200 + 204 45 diff --git a/sitemap.xml b/sitemap.xml index 795fb8bb56..4a6f6c479e 100644 --- a/sitemap.xml +++ b/sitemap.xml @@ -2555,6 +2555,20 @@ /docs/statistics/pie-charts/ /docs/alerts/10062/ + + /alerttags/policy_api/ + + /alerttags/policy_dev_cicd/ + + /alerttags/policy_dev_full/ + + /alerttags/policy_dev_std/ + + /alerttags/policy_qa_full/ + + /alerttags/policy_qa_std/ + + /alerttags/policy_sequence/ /docs/alerts/40023/
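Review bot: The CWE change from 200 to 204 on docs/alerts/40023 (Possible Username Enumeration) and docs/alerts/40025 (Proxy Disclosure), mirrored in the two docs/alerts/index.html rows, is a reclassification unrelated to the POLICY_* tag additions and deserves its own mention in the change description. CWE-204 (Observable Response Discrepancy) is a natural fit for username enumeration. For Proxy Disclosure the same value is applied with no visible rationale, so please confirm it is intended for that rule and not carried over from 40023.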
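Review bot: The Text4shell (CVE-2022-42889) description added to the alerttags index.xml feed has run-together sentences and a broken clause: "defaults.Apache Commons Text", "evaluated and expanded.The application", and "has been shown to initial contact with remote servers". Since the feed is generated, the wording should be fixed in the rule description it comes from (spaces after the full stops, and presumably "to initiate contact") so every page that repeats this text is corrected at once.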